41 Ones to Watch

Today’s  up-and-comers,  tomorrow’s  CIOs.  By  Steff  Gelston 


Columns 


42  How  to  Unleash  Your  Leaders 

leadership  development  CIOs  who  want  to  succeed  as  business 
partners  and  strategists  can’t  do  it  alone.  Success  requires  unshackling 
the  leaders  within  your  IT  organization  and  letting  them  run. 

By  Stephanie  Overby 

56  What  Are  the  Challenges? 

the  mid-market  cio  Tight  budgets.  Leadership  churn.  Meeting  the 
demands  of  the  business.  Ones  to  Watch  CIOs  share  their  secrets  for 
addressing  these  issues  in  mid-market  organizations. 

By  Katherine  Walsh 

29  The  Risk  of  Becoming  Big  Brother 

cover  story  |  security  governance  Are  you  being  asked 
to  monitor  employees  as  they  use  corporate  IT?  That’s  a  slippery  slope, 
as  recent  litigation  shows.  Here’s  how  to  do  it  right. 

By  Thomas  Wailgum 


24  |  The  Harmonious  Leader 
leadership  The  key  to  becoming  a 
better  leader  is  to  align  your  own  values  with 
what’s  important  to  your  organization. 

By  Tom  Murphy 
6 From the Editor

If  you  want  to  lead  people,  let  them  go. 

By  David  Rosenbaum 
Today, problems with IT education
can  sabotage  our  attempts  to  compete 
globally.  By  Gary  Beach 
► A Ones to Watch dynasty

►  Test  your  developers’  safety  smarts 
Virtualization:  How  do  you  stack  up? 

►  Adobe  takes  on  .Net,  Java 


How  do  you  measure  up? 

Are you willing to take risks? Able to embrace change and build teams? Fluent in the languages of business and technology? These are just some of the qualities possessed by the future IT leaders featured in Ones to Watch. Through interviews and a survey, we gleaned important insights about leadership from these 25 honorees. Go to CIO.com to take our online quiz and see how you compare to these emerging leaders. And read about all 25 winners.


►  How  to  succeed  as  a  turnaround  CIO 

►  Hot  Jobs:  Head  of  IT  finance 

19  Essential  Technology 

An  alphabet  soup  of  industry  standards 
has  emerged  around  service-oriented 
architecture.  But  you  don’t  have  to 
drown  in  this  bowl  of  acronyms. 

By  Bob  Violino 
The origins of geek

By  Scott  Berinato 
[CIO MOVES]

MOVED  &  SHAKEN 

When CIOs move, they leave behind hardworking employees—and strong feelings. How do we know? We’ve been collecting them in a blog, Moved & Shaken, a discussion about IT executives and the management decisions they make.

advice.cio.com/blogs/moved_and_shaken 


[HALL  OF  FAME] 

THE  BEST  IN  HISTORY 

Who has profoundly affected the practice of IT during the past two decades? Who has shaped the CIO role? We'll be inducting 20 new honorees into the CIO Hall of Fame to be featured in the special 20th anniversary issue of CIO. Make your nomination online.

www.cio.com/cio-awards/cio-hall-of-fame/ 


[ADVICE  &  OPINION] 

CIO’S DAILY DIALOGUE

Join the conversation in our Advice & Opinion section, where you and other experts can share opinions about best business practices, IT strategy and more. See advice.cio.com.


»  CIO  job  search:  One  IT  executive’s  chronicle 
»  Alarmed:  The  endangered  Internet 
»  HowTo:  The  ABCs  of  Web  2.0 

»  HowTo:  Five  Things  You  Should  Know  About  Fighting  Spam 
Watching You

If you want to lead people, let them go


“Motorola CIO Patty Morrison sleeps well at night. She takes real vacations. She has time to think.”

That’s how Senior Editor Stephanie Overby begins her article “How to Unleash Your Leaders” (Page 42), in our third annual Ones to Watch awards issue, beginning on Page 41.

Imagine: Vacations. Time to sleep. Time to think. In our 2007 “State of the CIO” report (www.cio.com/state-of-the-cio/2007/index), the lack of time for strategic planning and thinking was rated by CIOs as the number-one barrier to job effectiveness. So how does Morrison, CIO of a $42 billion company in a hypercompetitive market, do it? Is it Zen? A secret, proprietary time-management tool?

No. It’s something every CIO already has. It’s called a staff. The difference between you sleep-deprived CIOs and Morrison may be that she trusts and empowers hers—not always such an easy thing to do.

When I was a sprout of 36, I became editor of a large, successful city magazine. I burned to succeed and because I believed that I could do most everything better than anyone else, I tried to do everything, thereby turning a staff of talented people into a bunch of disaffected layabouts. Not given responsibility, they didn’t take any. I thought they were the problem. They weren’t. I was.

In our Ones to Watch issue, ably honchoed by Senior Editor Steff Gelston, you’ll find lots of tips on how to create leaders within your organization, but the most important leader to work on is you. If you want your people to embrace the mission, you have to let them own it. Which means you have to let go. And that takes guts.

Leadership is often thought of as a soft skill because, it’s assumed, it doesn’t translate easily into metrics. Nonsense. The metric by which leadership can be measured is right there on the P&L. And everyone in your enterprise can see that at a glance.

Twelve men and women who understood that are in the CIO Hall of Fame. Ten years ago, celebrating CIO’s 10th anniversary, we inducted 12 members. This year, to celebrate our 20th, we’re looking to induct 20 new CIOs and we would love your input. Go to www.cio.com/cio-awards/cio-hall-of-fame/index to find out who’s already there, and to find the form to nominate someone you believe has had a profound and positive impact on the IT discipline over the past 20 years. Thanks.



6  MAY  1,  2007  |  www.cio.com 


David Rosenbaum, Editor

drosenbaum@cio.com


PHOTO  BY  WEBB  CHAPPELL 


EDITORIAL

EDITOR IN CHIEF
Abbie Lundberg

EDITOR
David Rosenbaum

EXECUTIVE EDITORS
Christopher Koch, Elana Varon

TECHNOLOGY EDITOR
Laurianne McLaughlin

SENIOR EDITORS
Stephanie Gelston, Stephanie Overby, Ben Worthen

SENIOR WRITER
Thomas Wailgum

ASSISTANT MANAGING EDITOR
Emily S. Henderson

SENIOR COPY EDITOR
Cathy Mallen

COPY EDITOR
Susan Bryant-Still

ASSOCIATE STAFF WRITERS
Christopher Lynch, Katherine Walsh

EDITORIAL ADMINISTRATOR
Jill Paquette

CONTRIBUTORS
Marc Ferranti, Jeremy Kirk, Elizabeth Montalbano, Tom Murphy, Bob Violino

DESIGN

EXECUTIVE DIRECTOR, ART AND DESIGN
Mary Lester

ART DIRECTOR
Terri Haas

ONLINE EDITORIAL

ONLINE EDITORIAL DIRECTOR
Christopher Lindquist

ONLINE MANAGING EDITOR
Michael Goldberg

SENIOR ONLINE EDITORS
Sandy Kendall, Meridith Levinson, Shawna McAlearney, Esther Schindler

ASSOCIATE ONLINE EDITOR
Diann Daniel

ONLINE WRITER
Al Sacco

ONLINE COPY EDITOR
David Gradijan

RESEARCH

RESEARCH MANAGER
Carolyn Johnson

SENIOR RESEARCH ANALYST
Seanna Maguire


CXO MEDIA INC.

INTERNATIONAL DATA GROUP

BOARD CHAIRMAN
Patrick J. McGovern

PRESIDENT, IDG COMMUNICATIONS
Bob Carrigan

©CXO Media Inc.


WHO COVERS WHAT www.cio.com/staff/
E-MAIL letters@cio.com
PHONE 508 872-0080
FAX 508 879-7784
ADDRESS CIO Magazine, CXO Media Inc., 492 Old Connecticut Path, P.O. Box 9208, Framingham, MA 01701-9208
WEBSITE www.cio.com
SUBSCRIBER SERVICES 866 354-1125 • Fax 847 564-9453 • E-mail cio@omeda.com
REPRINT SERVICES Keith Williams • PARS International • 212 221-9595 ext. 319 • E-mail keith.williams@parsintl.com
RIGHTS AND PERMISSION Yadira Pizarro • 212 221-9595 ext. 231 • E-mail yadira@parsintl.com




FROM  THE  PUBLISHER 


Left  Behind? 

Today,  problems  with  IT  education  can  sabotage  our 
attempts  to  compete  globally 


My recent column (www.cio.com/article/29087) in which I suggested that America must retool its educational system to emphasize training in the sciences, math and technology or risk becoming a nation of digital bricklayers rather than architects of the new global economy seems to have hit the CIO community like...the proverbial ton of bricks. I quoted from the National Center on Education and the Economy report “Tough Choices for Tough Times,” which claimed that “the core problem facing America is that our education and training systems were built for another era.”

Like, say, the 19th century.

One CIO, who moonlights as a local school board member, pinned the blame for that on outdated traditionalist thinking carried over from the 20th century. “How about teaching Mandarin rather than French and German in our classrooms?” suggested another. (Interesting thought. Why not?)

A security executive was more dour: “Our education system has not been competitive for some time now. The system is broken. We fail to produce leaders who take ownership of fixing the situation. Writing about this makes me sick.” (See “How to Unleash Your Leaders,” Page 42, for suggestions on how to produce responsible leadership at all levels of your organization.)

Another reader wrote: “These problems are systemic and endemic. I’m not sure there’s a cure the federal government can impose. When our education system was considered to be the very best in the world (in the 20th century), it was during a period when the federal government played a very minimal role, while state and local governments had the discretion to distribute and utilize educational funding in ways that was most beneficial to their constituents.”

Some branded me a prophet of doom, claiming that there are more IT jobs now than at the height of the dotcom boom. One reader proposed that today’s multiskilled American workforce is more knowledgeable about IT applications and IT building blocks than ever before. “This is progress, not death,” he added.

What do you think? Are we making progress, or are we dying?


Gary Beach, Publisher

gbeach@cio.com
Learning to Love Lean IT


best practices When Pat Quinn became VP of information systems and technology at Acuity Brands Lighting two years ago, his team gave him a welcome gift: a company-branded clock, set to count down a period of 18 months—the longest any of his predecessors had lasted. The lighting division of $2.4 billion Acuity Brands had gone through five IT leaders in as many years before Quinn.

Quinn now views the gag gift as a trophy. And he credits his relative longevity to IT’s embrace of lean manufacturing principles.

In 2004, Acuity Brands got a new CEO and a new mandate: Get lean. The CEO sought the benefits some manufacturers had gleaned from embracing lean principles—business performance improvement tools introduced by Henry Ford and perfected by Toyota, designed to improve quality, cost and delivery in manufacturing operations.

Quinn was charged with providing systems to enable the manufacturing changes. But as he learned more about lean tools and techniques for cutting waste and enabling continuous improvement, he saw that IT could benefit from them as well. “Eliminating waste doesn’t just apply to scrap metal. It can mean eliminating the
waste  of  intel-  Continued  on  Page  12 


A  Ones  to  Watch  Dynasty 

career Erik Keller, VP of application development at moving services provider Sirva and a 2007 Ones to Watch honoree, doesn’t believe in the old adage “Those who can’t do, teach.” (To meet this year’s Ones to Watch, go to the awards section starting on Page 41.) That's because Keller’s mentor, Eric Dirst, is not only a teacher but also an accomplished leader. Dirst himself earned a Ones to Watch award in 2005; now Sirva’s CIO, Dirst wants to help Keller reach a CIO position too.

Keller credits much of his success to his relationship with his mentor. “The fact that he was a Ones to Watch winner and moved into a CIO role set a good baseline for our relationship. As I moved into my current role, he knew how he liked to be mentored and was able to apply that.”

Dirst has shared valuable insight into Sirva’s corporate culture, Keller says, which helped him make strategic decisions related to IT, as well as learn the best way for IT to communicate with the business.

Healthy mentor/mentee relationships are all about communication and respect, Keller says. Keller was reporting to the COO and not working directly in IT when he met Dirst, so they were able to build a nonmanager relationship first, which Keller says helped establish an atmosphere of respect that continued once Dirst became his boss.

As for communication, “You need to help your mentor understand what you’re looking for from the relationship and the kind of feedback you need,” he advises.

Taking a page from Dirst’s book, Keller keeps the lines open with his own employees. He meets with them for a half hour each week to discuss, among other things, their development and career goals, and position them for future success.

-Katherine Walsh
Test the Safety Smarts of Your Developers

security How solidly does your development staff write its code? How can you judge the security skills of a potential developer you’d like to hire? A new testing process could help: Amid growing Internet crime enabled in part by faulty programming, the SANS Institute will introduce a series of four exams for developers to test how well they can craft secure code.

The exams will cover C/C++, Java/J2SE, Perl/PHP and .Net/ASP, according to SANS, which runs a computer security training institute. A pilot exam program will start in August in Washington, D.C., and the program will be extended worldwide by year’s end.

The exams can identify gaps in a programmer’s training, then eventually enable developers to gain GIAC Secure Software Programmer (GSSP) status through the Global Information Assurance Certification (GIAC) program, part of SANS.

The program arose from grassroots need: The IT industry has told SANS it doesn’t know how well its programmers write secure code, says Steven Crofts, director of vendor and media programs at SANS.

“This is the first large-scale attempt to validate if the people inside an organization know what they are doing,” Crofts says.

According to Johannes Ullrich, chief technical officer of the Internet Storm Center, a part of SANS that monitors security vulnerabilities and the Internet’s health, Web applications, such as those used for e-commerce, are one area where programmers often need added training on the security implications of some programming language features.

-Jeremy Kirk


Virtualization  School 

emerging technology Are you leading or trailing the other fish with your server virtualization plans? Take a look at this snapshot of your peers’ deployment and management progress:

72% of today's U.S. companies with 10,000-plus employees use server virtualization

67% of companies with 1,000 to 9,999 employees do also

50% of today’s virtual servers support production workloads (everyday business apps and core IT infrastructure)

15% of enterprise IT groups are creating a specific “virtual computing team” to manage this effort

SOURCE: IDC


Lean  IT 




Continued  from  Page  11 

lectual  property  or  human  resources  or 
anything  else,”  he  says. 

The IT team was skeptical. “They could see how lean was valuable for everybody else, for manufacturing or finance or anyone they viewed as transactional,” says Quinn. “But IT saw itself as creative and worried that lean would suppress that creativity.” Quinn understood. “We’re not creating widgets,” he told his employees. “But when you create, for example, a software product, there’s still tremendous waste. And creating a process framework doesn’t have to depress creativity.”

IT began conducting “Kaizen events”—intensive five-day affairs aimed at bursts of business process improvement—that shape lean transformations. The IT team of 150 began to see potential efficiency and quality improvements in areas from software development to network management. Results have ranged from finally weaning the company off IBM mainframes in use for 20 years to transitioning corporate headquarters (and 175 call center agents and 25 apps) to VoIP in less than two months.

The transition has required big changes in thinking. One lean event revealed that application development could be greatly improved with pair programming—multiple programmers working together on code. “I thought, there’s no way that’s going to work,” says Quinn, a former programmer himself. “But I was completely wrong.”

Today, the continuous improvement piece requires heavy training and more involvement by Quinn than he anticipated. “Two years in, we’re at a pretty good point in the journey,” he says. “There’s no way we’re there yet. But if you ask someone from Toyota, where they’re 40 years into the journey, I don’t think they see an end in sight either.”

-Stephanie Overby




PHOTO  BY  JACOB  WACKER HAUSEN 


Adobe Takes on .Net, Java


web applications Adobe Systems has unveiled Apollo, an intriguing new runtime code project: It gives users an alternative for building Web-based applications that can also run on the desktop independent of a browser. Apollo lets rich Internet applications run offline, and it could threaten the popularity of programming platforms such as Java and Microsoft’s .Net, Adobe says. Apollo, like Flash Player, is a runtime applet, but one in which applications built using standard Internet development technologies (such as HTML, Flash and Ajax) can run without a live Net connection.

Adobe seems to be taking a run at Microsoft, which has been ramping up its own strategy to give developers tools for building Web applications. Microsoft has been trying to tie those applications to its Windows desktop OS and development environment.

Adobe released an alpha version of Apollo on its Adobe Labs site in March; developers can download this and a software development kit for free. Look for a full release later this year, says Kevin Lynch, senior VP and chief software architect for Adobe.

One example of Apollo in action: Consultancy EffectiveUI used Apollo to build a desktop application for eBay that lets eBay’s auction site run on the desktop without being connected to the Internet or accessed through a browser.

Notably, Web applications built with Apollo will automatically update to the Web any information that a user has added to the application while offline. As soon as the user reconnects to the Internet, the update proceeds, with no extra action required by the user.

-Elizabeth Montalbano


How to Succeed as a Turnaround CIO


on the move Kevin Kern relishes joining companies on the brink of disaster, which need a Superman CIO to rebuild IT faster than a speeding bullet and align it with a reinvigorated business in a single bound.

Kern, 51, has made a career out of these chances. In 2000, he led the transformation of Compaq Europe. After the HP/Compaq merger, he rebuilt HP’s global delivery and managed services organizations. In 2004, he stepped into what he calls “the mother of all transformations” when he signed on as CIO of Computer Associates (CA). He was part of the team brought in to clean up the embattled software company after its financial scandal.

Now he’s in the thick of a turnaround at IT services provider Unisys, which he joined as CIO in September 2006. “This [transformation at Unisys] was one that was well-known in the industry, and I wanted to be part of it.”

Other turnaround CIOs who’ve recently turned up on CIO’s radar:

Mitchell Habib joined The Nielsen Company in March as executive VP of global business services. He left Citigroup in November 2006.

Fiona Balfour resigned from Australian telecom company Telstra in February. Before joining Telstra in April 2006, Balfour led a major IT transformation at Qantas Airways.

Christopher Bouvier became CIO at Keystone Peer Review Organization, a medical management company, in November 2006.

-Meridith Levinson


Five Tips

Kern's advice for leading a successful turnaround:

1. Understand the key obstacles to success and develop ways to work around them.

2. Play an active role in change management.

3. Anticipate where you might have resource conflicts and discuss fixes with business leaders.

4. Mobilize your team.

5. Remain focused.


cio.com 


Read  Meridith  Levinson’s  MOVERS  AND  SHAKERS  blog  for  the  latest  moves.  Find  it  at  blogs.cio.com. 




PHOTO  OF  SYSTEM  NETWORK  BY  CRAIG  BARHORST 


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Head  of  IT  Finance 


min 


job  description:  The  head  of  IT  finance  analyzes,  forecasts  and 
reports  the  operational  budget  for  the  IT  department.  Executives  in 
this  position  also  vet  costs  for  the  IT  component  of  business  plans  for 
other  departments.  The  precise  job  title  for  the  position  varies,  but 
companies  with  an  IT  staff  of  more  than  100  typically  would  have  a 
vice  president  of  IT  finance  reporting  directly  to  the  CIO. 

The  IT  finance  head  also  may  be  responsible  for  IT  procurement  and 
vendor  management  functions.  He  or  she  ensures  that  IT  adheres  to 
company  policies  related  to  the  Sarbanes-Oxley  Act  and  other  finan¬ 
cial  controls.  “Sarbanes-Oxley  has  placed  a  tremendous  burden  on  IT 
finance,  and  the  IT  function  has  an  important  role  in  Sarbanes-Oxley 
compliance,”  says  David  Van  De  Voort,  a  principal  consultant  with 
Mercer  Human  Resource  Consulting. 

iiiiiiiiniiiHiiiimmmmimmmmmmmmimmmmiimmmmmmiiiif 


why  you  need 

One:  Having  an 
IT  finance  chief  holds 
someone  accountable  at 
the  divisional  manager 
level  for  capturing  the 
maximum  value  from 
technology  investment, 
a  major  expenditure. 

As  corporations  place 
increasing  demands  on  IT 


Off'll! 

$100,000  to 

$150,000 


to  ensure  that  technology 
is  aligned  with  business 
goals,  the  IT  finance  head 
can  analyze  technology 
costs  across  divisions, 
with  a  “dotted  line"  report¬ 
ing  relationship  to  the 
chief  financial  officer. 

desired  skills: 

Bachelor’s  degree  in 
business,  IT,  finance  or 
a  related  field.  Excellent 
administration  skills;  abil¬ 
ity  to  communicate  clearly 
and  concisely.  Must 
possess  an  aptitude  for 
translating  complex,  tech¬ 
nical  subjects  into  clear, 
business-oriented  com¬ 
munications.  Ten  years’ 
experience  in  finance  or 
procurement,  with  IT 


management  or  leader¬ 
ship  background. 

how to find one:

Though a passion for and an understanding of technology are necessary,
candidates for a vice presidential role in IT finance are often found
in finance departments. “You need someone who understands financial
systems and who has strong systems and business process knowledge,”
says Mike Burgett, president and managing partner of CIO Partners, an
executive search firm. “You’re most likely to find a person like this
in finance or accounting, someone who might be a sort of ‘super user.’”


what to look for:

“You’re going to need someone with better-than-average diplomatic and
communication skills, because in some ways he or she is going to be a
stranger in a strange land,” says Van De Voort.

For example, a financial person will have to convince IT people that
he has technology bona fides.

elimination round:

Ask prospective candidates how they manage their current staff and
workload. If the answer is all about cutting costs, watch out. You
want people who understand business processes and how to derive value
out of systems. You don’t want bottom feeders.

growing your own:

Look first in your own finance department for candidates with intimate
knowledge of the company’s business processes, personnel consultants
say. Groom candidates by giving them opportunities to hone their
budgeting and organizational chops.
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Turn  storage  into  a  staging  area  for  the  future. 


Unify  block  data  and  file-sharing  storage 
with  Microsoft.  A  simplified  storage  platform 
can  help  reduce  costs  and  information  silos 
while  it  improves  performance  and  amplifies 
access  to  enterprise  data.  Combat  your  complex, 
expensive  storage  environments  with  affordable 
solutions  featuring  Microsoft®  Windows®  Unified 
Data  Storage  Server  2003. 

Start  now  with  simple,  scalable,  flexible  storage. 

Find  Microsoft  storage  partners  at: 

http://www.microsoft.com/storage 


Unified storage: simultaneous storage management of file-sharing and
block-level application data • extended connectivity and versatility
for network storage

Simple, heterogeneous storage management: a new "out of the box"
experience for iSCSI volumes and share setup • a new management
snap-in • a new file sharing wizard for server message block and
network file system

Enterprise-ready performance: up to 512 snapshots per volume • native
multipathing • an x64 platform for extended scalability • clustering
support for high availability


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Interactive  Intelligence- 

Deliberately  Innovative 

We  say  YES!  to  your  business's  future. 

Contact  us  to  discuss  designing  and  implementing  a  future- 
proof  unified  communications  platform  for  your  business 
information  needs.  We  welcome  the  opportunity. 

visit  I  www.inin.com 


©2007  Interactive  Intelligence  Inc.  All  rights  reserved. 


Ten  years  ago  a  phone  system  and 
some  bare-bones  e-mail  platform 
were  sufficient  in  business.  But 
that  was  a  decade  ago. 

Today's  business  requires  the  broader  reach  of  UNIFIED 
COMMUNICATIONS:  of  networks,  media  channels,  voice 
and  data,  information  systems,  business  applications, 
controls— and  people— coming  together  on  a  single 
platform. 

So  why  are  legacy  vendors  still  delivering  multi-point 
systems  that  only  make  voice  and  data  management 
processes  more  complex? 

In one of the first true solutions for unified communications,
we introduced an all-in-one, multi-channel software
platform and pre-integrated application suites to blend all
media types.

That  was  in  1994. 

At  the  same  time,  we  saw  the  future...  and  built  our 
platform  architecture  on  open  standards  for  emerging 
technologies  like  VoIP,  scalability,  and  as-needed  networked 
integration  to  applications,  info  systems,  business  rules, 
and  the  strategies  and  processes  that  drive  them. 

IT  and  information  management  professionals 
have  begged  for  a  unified  approach  to  business 
communications  for  years. 

We've  been  listening  since  the  day  we  started. 


to  the  CIO 

who  knows  a 

2007  job  can't  be  done 
with  1997  technology. 


ESSENTIAL 
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An  alphabet 
soup  of  industry 
standards  has 
emerged  around 
service-oriented 
architecture.  But 
you  don’t  have  to 
frown  in  this  bowl 
of  acronyms. 


Stuck  in  the  SOA  Soup 

BY  BOB  VIOLINO 

I.T.  ARCHITECTURE  |  While  the  potential  benefits  of  SOA  are  clear,  like  the  ability  to 
reuse  existing  assets,  the  standards  picture  looks  anything  but  settled. 

Not  only  did  Forrester  Research  count  some  115  standards  floating  around  SOA  and 
Web  services  in  its  most  recent  study  on  that  topic,  it  also  found  that  just  confirming  which 
vendors  support  which  standards  is  nearly  impossible.  Yet  CIOs  must  press  ahead  with 
SOA  projects  in  order  to  meet  business  needs.  Hong  Zhang,  director  and  chief  architect 
of  IT  Architectures  and  Standards  at  General  Motors,  has  been  balancing  the  standards 
dilemma  with  ongoing  SOA  work  for  several  years. 

Zhang says it’s actually good that there are many standards related to
SOA. “This indicates that the software industry is moving toward a
broad adoption of SOA,” he says. “The challenge is that there is no
common, consistent architectural framework to guide the evolution,
integrity and integration across these standards. Many of these
standards are not yet mature.”

How  can  CIOs  navigate  the  muddy  waters  until  those  standards  do  grow  up?  Technology 
executives  and  industry  experts  offer  this  advice:  Closely  monitor  the  standards  scene  and 
try  to  keep  your  options  open,  but  by  all  means,  don’t  delay  the  launch  of  key  SOA  projects. 
Several  strategies  can  help  you  avoid  getting  stuck  in  a  standards  pickle. 
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The  Standards  That  Matter 

First off, you can construct just a key list of standards, not a
comprehensive one, as you do your SOA planning. For instance,
standards such as SOAP and WSDL have been broadly adopted, and others,
including WS-Security, are ready for wide adoption, says Randy
Heffner, an analyst at Forrester Research. But other specifications
needed to build Web services that operate with high quality of
service—such as standards for management, transactions and advanced
security—are mature enough only for aggressive technology adopters,
he says.

Of the emerging SOA and Web services standards, Heffner says CIOs
should focus on the following: SOAP 1.1, WSDL 1.1, WS-I Basic Profile
1.0 or 1.1, UDDI 3.0.2, WS-Security 1.0 or 1.1, WS-BPEL 2.0, BPMN,
WSRP 1.0, XML Schema 1.0, XSLT 1.0, XPath 1.0, XQuery 1.0, XML
Signature and XML Encryption.

CIOs should favor standards-based SOA over native protocols, Heffner
says, “but don’t sacrifice needed quality of service [QoS] for any
given app just to use standards.” Where an application must have
greater QoS than Web services can provide, “do tactical workarounds
that stay close to the design models of emerging specifications,” he
says.

Is it necessary for CIOs to know which vendors are supporting which
standards at this point? “Not in a comprehensive way,” Heffner says.
“But CIOs that are making a major software infrastructure partner
choice should get a strong picture of candidate vendors’ current and
future support for SOA and Web services specs.” You need to understand
your current vendors’ plans as well, he says. Otherwise, you risk
investing in technology that might not meet the long-term business
goals of the organization or its SOA strategy.

Many organizations will look for temporary solutions—say
middleware—to overcome a lack of mature standards. “From the CIO’s
perspective, there’s a lot of pressure to adopt a middleware platform
to fill in where standards are not there, but in a way that doesn’t
lock them into it,” says Jim Stogdill, CTO at Gestalt LLC, a defense
and energy consultancy that helps clients launch SOA projects.

But it’s important not to commit too much to one middleware vendor,
“because it will be much more disruptive later to swap out,” he says.

Stogdill advises organizations to stick with fairly common standards
such as SOAP and WSDL, “and also look to where your line-of-business
application vendors are providing services: Then integrate
line-of-business applications via those service interfaces using
unintrusive middleware.”

GM’s  Selective  Strategy 

For  its  part,  General  Motors  learned  in 
its  early  SOA  efforts  to  identify  which 
standards  were  most  important  to  what 
the  company  was  trying  to  achieve.  GM 
launched  its  first  SOA  project  in  2000, 
an  architecture  called  Northstar,  for  its 
global  online  vehicle  showroom  services 
(GM  Global  BuyPower).  Northstar’s  goal: 
to  establish  a  global  common  SOA  plan 
flexible  enough  to  support  the  dynamics  of 
GM’s  business,  Zhang  says. 


To achieve this, GM designed the architecture to separate business
functions from business process flow (the sequence of the business
functions to be performed). The company also separated the physical
locations of business data from those of the business functions using
the data, and user interfaces from the business process flow, business
functions and business data, Zhang says.

GM successfully deployed the Northstar architecture in more than 40
countries in 2001. The architecture helped GM fulfill various business
needs quickly, such as meeting data location regulations, making
business process flow changes based on business engagement rules and
varying the end user’s software experience based on cultural
differences in individual countries, Zhang says.

Since the company also uses SOA in other consumer-focused online
services, including GM OnStar services, it plans to develop an
enterprisewide strategy and governance program for broad deployment of
SOA internally and with external partners, Zhang says. As part of the
planning for GM’s next-generation SOA implementation, he’s evaluating
the latest enabling standards and technologies.

For GM today, the most important specs are those that help standardize
the interfaces among services across the well-defined service layers
(presentation, business process and so on). The next most important
are those that help standardize the implementation of the services
within each of the service layers.

As part of developing its enterprisewide SOA strategy, the company is
identifying the SOA standards around which of its needs are mature,
which should be monitored and which are mandatory. Among these, GM is
looking at WS-I Basic Profile 1.1 for enterprisewide interoperability.
After this, the company will be able to make a well-informed decision
about which vendors and products to use in its broad rollout of SOA.

Another SOA adopter, TD Banknorth, has taken a strategy of
prioritizing standards adopted by vendors recognized as


The challenge is that there is no
common, consistent architectural
framework to guide the evolution
to SOA.


-Hong  Zhang,  director  and  chief  architect, 
IT  Architectures  and  Standards,  General  Motors 
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For  every  terabyte  of  disk  drives  sold  with 
3PAR  Thin  Provisioning  in  2007,  3PAR  will 
purchase  the  carbon  credits  to  offset  the 
emissions  of  one  terabyte  of  disk  drives. 
The  result:  carbon  neutral  storage. 


3PAR  Utility  Storage  with  Thin  Provisioning  is 

revolutionizing  the  mission-critical  data  center. 
3PAR  customers  can  buy  half  the  storage 
capacity  required  with  traditional  storage  arrays, 
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market leaders in the SOA space (for example, webMethods) and
standards recognized by several key standards organizations.

The banking company is using a service-based architecture as a
framework for the development of Web services for application
integration, according to CIO and executive VP John Petrey. TD
Banknorth initially used SOA in 2004 when it deployed webMethods’
Fabric software suite to use a Web service to simplify the process of
completing customer address changes.

The Web service, being implemented now, allows TD Banknorth’s call
center agents or branch employees to make changes in address, then
automatically have those changes take effect in each of the customer’s
accounts with the bank. Today TD Banknorth is planning other SOA
projects, one involving a small-business loan origination service and
another for the company’s online banking system.


“The  primary  benefit  of  SOA  we  realize 
is  significant  reuse  of  services  across  the 
integration  solution  space,”  Petrey  says. 
That’s  resulting  in  a  substantial  reduction 
in  service  development  time  and  the  creation 
of  higher-quality  services  that  require  less 
debugging  and  testing,  he  says. 

To date, TD Banknorth has adopted basic standards around Web services,
including XSD, SOAP and WSDL, Petrey says. “Going forward, the most
important standards will be related to WS-I, like policy, reliability
and security, and, to a lesser degree, addressing,” he says.

More on SOA

For background on CHALLENGES and BENEFITS, see ABCs of SOA at
www.cio.com/article/40941.

The bank works “only with standards adopted by vendors recognized as
market leaders in the SOA space... and regarded as sufficiently
mature” by industry research firms such as Gartner, Petrey says. “The
standards we adopt are recognized by multiple standards organizations
like W3C and WS-I,” he adds.

TD Banknorth queried companies that had adopted standards such as
WS-Security and SAML, “and found that most were struggling,” Petrey
says. “The standards supposedly were ready for adoption over a year
earlier, yet no one was really using the standards the way they were
designed or marketed. We were unable to find a success story.”

Among the lessons the bank has learned in its foray into SOA: Build an
architecture in a way that promotes a modular, flexible and
incremental deployment, “with placeholders for those standards to be
adopted as subsequent functionality requires,” Petrey says.

Mastering  Middleware 

At smaller organizations, some CIOs are forging ahead with SOA without
a major emphasis on standards. The John F. Kennedy Center for the
Performing Arts in Washington, D.C., is a midsize organization that
uses a lot of commercial software products, some of which are moving
toward SOA, says Alan Levine, the CIO.

For example, the center’s enterprise resource planning vendor, Lawson,
is moving to a services architecture. The Kennedy Center’s CRM
platform, Tessitura—an industry-specific application developed by
Impressario, a wholly owned subsidiary of the Metropolitan Opera—also
is moving toward SOA.

How to Sail Smoothly in a Sea of Specs

■ Use your early SOA efforts to help decide which standards are most
important to your business goals.

■ Ask for examples of successful SOA standards deployment stories.
Just because standards have been out for a year doesn't necessarily
mean they’re ready for full-scale deployment.

■ If you’re using middleware to provide a temporary integration fix
because of the lack of a suitable standard, make sure not to
overcommit to one vendor or product.

-B.V.

Levine says he’s taking steps to implement SOA without being overly
concerned about standards. “We focus on creating the ‘glue’ that
allows the SOA capabilities of the different commercial systems to fit
together.”

To  that  end,  the  center  is  developing 
middle-tier  solutions  in-house,  Levine  says. 

“Our focus is rather than trying to choose a standard, it’s knowing
what to do to get the back ends to interoperate,” Levine says. Of
course, middleware strategies depend on your organization’s size and
existing systems. Overall, keep your eyes on the prize: a nimble IT
organization. As GM’s Zhang puts it, the ultimate goal of using SOA is
“to establish a flexible information systems and services environment
that can quickly realign” as business needs change.


Bob Violino is a freelance writer. To comment on this article, go to
the online version at www.cio.com/article/104007.


“We focus on creating the ‘glue’
that allows the SOA capabilities
of the different commercial
systems to fit together.”

-Alan  Levine,  CIO,  John  F.  Kennedy  Center  for  the  Performing  Arts 
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Think  server  optimization  from  CDW  could  help? 
Or  are  you  okay  with  the  way  things  are  now? 


Enclosure  shown  with  both 
BL460c  and  BL480c  blade 
servers;  all  sold  separately 


HP  ProLiant  BL460c  Blade  Server 

•  Dual-Core  Intel®  Xeon®  Processor  5110  (1.60GHz)  allows  a  greater  workload 
per  processor 

•  Memory-intensive  applications  benefit  from  the  1GB  standard,  32GB  maximum 
(PC2-5300)  memory  buffers  that  allow  faster  speeds  and  more  capacity 

•  With  up  to  two  SATA/SAS  hard  drive  bays  you  get  quicker  access  to  data  and 
increased  storage  bandwidth 

•  On-chip  cache  (4MB  Level  2  Cache)  increases  dual-core  performance  and 
provides  faster  processor  hit  rate 



$2299" 
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VMware®  Infrastructure  Data  Center 
Management  and  Optimization  Suite 

•  Optimizes  and  manages  industry-standard  IT  environments 
through  virtualization  -  from  the  desktop  to  the  data  center 

Standard  Edition  for  two  processors 
Call  CDW  994692 


ProCurve  Switch  4200vl 

•  Cost-effective  modular  switch  chassis 

•  Built-in  redundancy  protects  against  network  downtime 

•  Provides  high  quality  and  reliability  in  10/100  and  10/100/1000 
scalable  solutions 


$2349.99  CDW  1138249 




We're  there  with  the  server  solutions  you  need. 

Is  managing  your  growing  number  of  servers  and  your  growing  storage  needs  getting  to  be  too  much?  At  CDW,  we're 
there  with  everything  you  need  to  optimize  your  servers.  From  server  consolidation  to  storage  management,  networking 
to  virtualization,  CDW  can  answer  your  questions  and  get  you  the  solutions  you  need.  So  call  today.  It's  time  you  ran  your 
network,  not  the  other  way  around. 
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FIELD-TESTED  IDEAS  FROM  CIOs  TO  CIOs 


The  Harmonious  Leader 

The key to becoming a better leader is to align your own values with
what’s important to your organization

BY TOM MURPHY


As IT leaders, we know we must be agents of change. Some of us have
embraced this challenge more readily than others. The main reason we
have struggled to meet this new expectation is that for years CIOs
were not valued for their leadership skills per se but rather for the
project management and technical skills necessary to meet the basic
blocking and tackling of IT service delivery.

Now we find ourselves setting strategy and creating competitive
opportunities for our companies. What this means is that we can no
longer lead through control of projects and resources, expecting our
staff to do as we say. Rather, we have to demonstrate we are worthy of
being followed. We need to be authentic. Authenticity of leadership is
the first step toward building high-performance teams.

The  Leader  Makes  the  Culture 

A  high-performing  IT  organization  has  a  culture  that  I  call 
purposeful.  This  culture  is  characterized  by: 

■  A  clear,  compelling  purpose  that  drives  decisions  and  ignites 
passion  among  employees. 

■  Shared  values  that  serve  as  guidelines  for  delivering  on  the 
organization’s  promise  to  its  constituents. 

■  A  work  environment  that  encourages  individuals  to  take 
ownership  of  the  organization’s  performance  and  its  culture. 

The  successful  integration  of  performance  with  culture 
starts  with  the  CIO.  We  establish  our  organization’s  shared 
values.  Then  we  live  them. 

I  have  experienced  how  powerful  an  organization  becomes 
when  this  is  done  well.  But  I  have  also  been  in  situations  where 
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Today's  IT  Leaders  on  Market  Trends 
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TOTAL COST OF OWNERSHIP

MAKING  IT  INVESTMENTS  COUNT 


In this fast-changing and fiercely competitive world, IT executives
regularly need to understand and rationalize business decisions based
on the total cost of ownership (TCO), and face ongoing pressure to
slash costs and maximize budgets.

TCO seems like a simple concept, which involves measuring all of the
costs during the life cycle of a project. However, whether the focus
is on servers, databases, desktop PCs, security issues or other
investments, in reality it can be difficult and time-consuming to
accurately assess TCO. CIOs need to answer various questions while
creating a TCO model: Which factors should our enterprise use to
measure TCO? Do the factors that comprise a TCO initiative change over
time? Are all the factors equally important while calculating TCO?
Which cost categories are the largest components of TCO?

Why  TCO  Matters 

Through  the  course  of  numerous  TCO  studies, 
IDC  has  found  that  the  majority  of  the  three- 
or  five-year  costs  come  from  two  key  areas: 
staffing  and  user  downtime.  Figure  1  depicts  the 
typical  TCO  allocation  for  a  server  environment 
over  a  three-year  time  frame  and  is  based  on 
more  than  300  interviews  conducted  across 
numerous  platforms. 

This chart conveys two important facts about TCO: While organizations
feel the immediate “pain” of an IT decision in the form of software
and hardware acquisition costs, these costs pale in comparison (less
than 15 percent of TCO) to the real pain to the business over the
three or more years that the IT investment is used. As the figure
below shows, the single largest factor affecting TCO is staffing,
which is driven by the labor costs associated with managing and
maintaining IT systems as they change over time.

Figure 1: TCO Allocation (chart labels: Outsourced Costs 3%; Software
7%; Server Hardware 7%; IT Staff Training 8%; Downtime Users
Productivity 15%)

Dollars  and  Sense 

While CIOs tend to be familiar with TCO as a concept, the reality is
that it can be hard to assess accurately. To better understand how
technology executives think about TCO, IDG Research conducted an
interview-based study and found that:

•  Many  business  decision  makers  struggle  with 
understanding  the  total  cost  incurred  over  the 
life  span  of  a  system  versus  the  business  value  of 
the  proposed  investment. 

• Most companies do not break TCO down to the granular level of an
operating system metric. Instead, TCO is used as a tool for justifying
investment in particular projects and general applications.
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•  CIOs  find  that  measuring  soft  costs,  such  as 
training,  maintenance  and  support,  often 
proves  daunting  when  attempting  to  build  a 
TCO  model. 

• Understanding the life span of hardware, software and other systems
remains a challenge—and the issue muddies decision making. Attempting
to get a handle on a tangle of variables is among the most difficult
aspects of TCO.

While most CIOs and other executives recognize how important TCO is in
the decision-making process, they also realize that TCO analysis is
time-consuming and sometimes difficult. Notes Tony Cordeiro, CIO at
Shearman & Sterling, LLP, a New York City-based law firm with more
than $850 million in annual revenues, “What do you do with the
information? How do you reasonably compare it to other projects of
equal importance? Does the industry have enough published material
and/or benchmarks to create an adequate comparison?”

Cordeiro  makes  an  important  observation: 
“There  are  no  such  things  as  IT  projects.  There 
are  only  important  business  projects.” 

Organizations that understand the TCO equation and calculate it are
able to ratchet up efficiency and maximize investments. They’re able
to purchase hardware and software in a more informed way—by
understanding the full impact of indirect costs such as development,
maintenance, security, training, system failures, power consumption,
upgrades, licensing, floor space, quality assurance, disaster
recovery, tech support, decommissioning equipment and more.

A business must understand which factors are crucial for achieving
long-term success, and must identify the key drivers for achieving
optimal efficiency—and how indirect costs affect the total cost of IT
over time.

In  the  real  world,  this  scenario  plays  out  in 
tangible  ways.  For  example,  when  Giga  Research 
(now  part  of  Forrester  Research)  examined  the 
total  cost  differences  between  J2EE/Linux  and 
the  Microsoft  .NET  platform  within  medium- 
size  and  large  organizations,  it  found  that  the 


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latter offered a 25 percent to 28 percent lower
cost model over a four-year period. Key factors included development
costs, maintenance, support and overall deployment time (The Total
Economic Impact™ of Developing and Deploying Applications on Microsoft
and J2EE/Linux Platforms, Forrester Research, September 2003).

A breakdown of the numbers within large organizations indicates just
how important TCO is in the decision-making process. For example,
while a J2EE/Linux system requires only 50 percent of the initial
capital outlay as a Microsoft platform, building out the software
platform is three times as costly; software maintenance is more than
triple the expense of Linux; the cost of managing a project team is
approximately 20 percent higher; and IT skills training is one-third
higher.

Jason Freyou, CIO at State Bank & Trust Company, a financial
institution based in Mississippi and Louisiana, with $50 million in
assets, describes TCO as “the cost from birth to burial.” He insists
that it’s important to begin an analysis early on and continue
monitoring over time. “We look at the costs across the entire
business,” he explains. “When you make a decision on one application,
you need to make sure that you’re able to integrate peripheral
products and that they fit. You don’t want to change one piece and
break five.”


About CIO2CIO Perspectives: This peer-based thought leadership program
analyzes quantitative research and tests it via qualitative interviews
with actual CIOs. The resulting executive insight is then disseminated
via CXO’s multimedia assets. To learn more about CIO2CIO Perspectives,
please contact mavery@cxo.com.


Conclusion 

Today’s CIO understands the importance of cost management, and most
are integrating calculations into the IT decision-making process.
However, many executives continue to struggle with the specific
criteria and factors that comprise an effective strategy. Not only is
it crucial to identify the key categories that drive total cost of
ownership—including development, staffing, training, maintenance and
tech support, to name a few—it’s imperative to understand the value of
the IT purchase and how it helps the organization achieve its
operational and financial goals. This, in the end, is what drives
efficiency—and success.
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FIELD-TESTED  IDEAS  FROM  CIOs  TO  CIOs 


I have neglected to connect my goals with those of my team and my
company. Early in my career I had a management style best described as
“lightning rod.” I loved to be at the center of things. I relished
being the person everyone called when they needed to get something
done. This role was helpful in situations where I needed to create the
appearance of cohesion in a team—for instance, when the business had a
negative perception of IT. I was able to cut through roadblocks and
force action. It made me look good.

However, I failed to notice the negative impact of my management
approach over time. During this period, my decisions reflected my own
purposes. I left organizations regularly, seeking the next big thing.
And I left my teams rudderless because I had not developed effectively
the capabilities of everyone around me. Their business relationships
suffered, and negative perceptions crept back when I left.

I was continuing along this path of charismatic control when I became
CIO of Royal Caribbean in April 1999. The next year, Terry Pearce,
author of Leading Out Loud, urged me to rise above this tendency and
become a more engaged leader. Pearce was conducting a workshop with my
team. Before leaving, he pulled me aside and challenged me to give
away my “power.” I began developing shared values and attempting to
create a purposeful culture. I committed to staying at least five
years. I told my direct reports my plans and asked them to hold me
accountable.

Then  came  9/11.  A  month  later  I  had  to  lay  off  50  percent  of 
my  organization.  And  I  became  a  believer  in  what  I  was  espous¬ 
ing  because  I  saw  the  benefits  of  the  new  leadership  approach 
in  action. 

I watched as the survivors sought refuge in our shared values, relying on
their belief that these would not change even though everything else was
changing. I understood then that my team was motivated not by my persona
but by the common cause of restoring an organization they believed in. The
team became stronger with a group of leaders united in our values and
purpose. Although we planned to do nothing more than maintain the current
IT environment for the next year, we ended up introducing some of the most
advanced IT capabilities in our industry, such as a ship-side Internet cafe
and online cruise bookings.

We also benefited from the creation of a climate where my staff was not
afraid to tell the truth. We used a process I call Undiscussables, with
ground rules for discussions about uncomfortable subjects. Initially, we
had 64 undiscussables, ranging from whether DB2 or Oracle was the right
future database platform to problems with vice presidents whose behavior
was not aligned with our values. We addressed every item. Two years later,
we didn’t need the process because we had learned to address even the most
difficult issues and keep moving ahead.

How  to  Live  Your  Values 

Here  are  three  ways  that  you  can  improve  your  connection  to 
your  team  and  begin  building  a  purposeful  culture. 

■  Connect  with  your  organization’s  purpose  and  values.  I  look 
for  the  key  element  of  the  company’s  strategy  and  attach  IT  to 
it  so  the  team  can  see  how  their  efforts  enable  the  company’s 
success. 




■ Evaluate and align key IT practices so they promote enhanced performance,
risk-taking and commitment. We have continuous improvement teams, which
look for opportunities to celebrate success, create recognition and reward
programs, and streamline processes. We introduced No Meeting Thursdays to
allow managers time to spend with their teams.

■  Model  the  organization’s  purpose  and  values.  I  try  to  greet 
every  person  by  name  and  express  a  sincere  interest  in  what 
he  is  doing.  At  AmerisourceBergen  we  agreed  as  a  team  not 
to  have  a  holiday  party  last  year  and  instead  donated  time  to 
a  local  food  bank.  When  we  promote  someone,  we  highlight 
that  person’s  results  and  behaviors. 

We built our organization by hiring a lot of outsiders. As we started to
promote from within, we proved that we were willing to work with people to
grow internally. This, in conjunction with a clear career path grid, has
made it easier for managers to match their staffs with projects that will
help them achieve their career goals within the company.

Bad leaders use control to get results. Good leaders get people to work for
them. Great leaders get people to work for a cause that is greater than any
of them—and then for one another in service of that cause. Engaging in a
common purpose and executing that purpose according to shared principles
enables your team to accomplish something no individual could do alone.
This is what our role as IT leaders is all about.


Tom Murphy is senior vice president and CIO with AmerisourceBergen. He can
be reached at tmurphy@amerisourcebergen.com. To comment on this article,
go to www.cio.com/article/104006.
CIO EXECUTIVE VIEWPOINT

Staffing  Project  Managers 

A  Sure-fire  Way  to  End  Your  Career  -  Select  the  Wrong  Project  Manager 


Patrick  McGuire 

President,  Surrex  Project  Solutions 

Patrick McGuire is a 20-year IT veteran. Rising through the ranks as an
engineer, developer, database administrator and project manager, he
patented a network card and founded and sold several software companies,
including Fast Track Solutions. After becoming a CIO, McGuire consistently
delivered on key technical strategies and critical projects that resulted
in profitable business growth. By delivering on several key strategic
projects, he helped his last company catapult from a $35 million to a $180
million business in just three years.


Finding  the  right  project  manager  (PM) 
can  present  a  daunting  challenge  with 
severe  consequences  for  the  wrong  choice. 

In  this  interview,  McGuire  shares  his  insight 
on  the  topic. 

Why  is  selecting  the  right  project 
manager  so  important? 

Because your job depends on it. When I was a CIO, three of my peers “moved
on to new opportunities” because of mismanaged projects under their care.
In each case, an outsourced PM was responsible. Poorly managed scope and
risks, coupled with a lack of project visibility, prevented the CIO from
seeing the train wreck coming. Selecting the wrong PM was a career-ending
move.

With  today’s  modern  business  practices, 
how  can  this  be  possible? 

It starts with the “penny-wise and pound-foolish” mind set. The CIO is
expected to do more with less, so price is important. However, price does
not equal cost. When I finally found the right project manager, even if the
hourly rate was higher, the actual project cost savings was significant.
And the reassurance of job security — priceless.

How  difficult  is  it  to  find  the  right 
project  manager  for  the  job? 

More difficult than you might think. That is why only a few companies — the
ones with specific expertise — are consistently successful in delivering
the right PM. In many ways, finding a good PM is as difficult as finding a
good CIO, and yet many companies approach the position like hiring a
programmer. They simply don’t have the proper processes or staff to qualify
a PM.

How  pervasive  is  this  difficulty? 

Everyone, even the large project companies, has problems in this area. As a
CIO, when I needed a PM for a critical project, I would often be sent a
candidate who was “on the bench” — usually with a very creative resume and
a serious discount, but not the right fit. Or I would be sent an
infrastructure PM and told, “Oh, he can manage any project.” Obviously, you
don’t use a brain surgeon to perform open heart surgery, yet this is what
was recommended.

What  about  using  internal  HR  to  recruit 
for  the  position? 

In the do-it-yourself approach, the HR department is expected to qualify a
PM. Under unrealistic time constraints, they usually recruit just a few PMs
per year and often don’t have the experience, understanding or specialized
processes to properly qualify a PM. Most of my own interviews with HR went
like this: First I was asked, “Was your last project on time and on
budget?” Second, “I see you worked at XYZ Corp — do you know So-and-So?”
Third, esoteric questions followed, with no right answers. I viewed this
process like dating: I knew if I could deflect the questions and get them
to talk about themselves, their job or the project, I would get a second
date. Did any of this qualify me as a PM? Not even close. And the final
question: “When can you start?” Fast-forward 10 years later: I interviewed
for a PM position, progressing from a $1 million project to a $25 million
project, and the interviewing process had not changed — except that I
interviewed with the VP!

What  is  your  advice  to  CIOs  for  selecting 
a  project  manager  for  a  key  project? 

I recommend three things: First, act as if your job depends on it and make
it a top priority. Second, don’t settle. Avoid companies or recruiters that
cannot properly evaluate a PM, and don’t take an unqualified bench
resource, no matter what the discount. Ensure the qualification process
filters out the candidates who haven’t the right domain expertise for the
project. Third, select a company that knows how to separate the best from
the rest. Look for a large recruiting base to provide an extensive
candidate pool. Make sure it is matched with a stringent filtering process.
A reliable method is the KEEP™ process, which tests and validates a
candidate’s Knowledge, Experience, Education and Personality. This gives a
competitive advantage in consistently assessing and selecting the right PM.

For More Information: Check out this white paper, “The New Paradigm for
Qualifying Project Managers”, at
www.cio.com/whitepapers/surrexprojectsolutions



COVER  STORY 


Security  Governance 


THE RISK OF BECOMING BIG BROTHER

Are you being asked to monitor employees as they use corporate IT? That's a
slippery slope, as recent litigation shows. Here's how to do it right.


BY  THOMAS  WAILGUM 


Arthur  Riel  says  he  was  just  doing  his  job. 

When he was hired by Morgan Stanley in 2000 and put in charge of the $52
billion financial company’s e-mail archiving system, gaining access to its
most sensitive corporate communications, the company was already involved
in litigation that involved its e-mail retention policies. That suit would
end in a landmark 2005 judgment against the bank, which awarded $1.57
billion in damages to financier Ronald Perelman. (In March 2007, Morgan
Stanley won an appeal to Florida’s District Court of Appeal.)

It  was  part  of  Riel’s  $500,000  a  year  job,  he  says,  to  make  sure 
that  would  never  happen  again. 

To do that, Riel had what he calls “carte blanche to go through e-mail.”
What he says he discovered reading company e-mails throughout 2003 were
what he construed as dubious business ethics, potential conflicts of
interest and sexual banter within Morgan Stanley’s executive ranks that, he
says, ran contrary to the bank’s code of conduct.


Based on his reading of executive e-mails, most notably CTO Guy
Chiarello’s, Riel alleged that the e-mails showed the improper influence of
Morgan Stanley’s Investment Banking division in how the IT department, with
its multimillion-dollar budget, purchased technology products; the improper
solicitation of tickets to New York Yankees-Boston Red Sox baseball games
and other high-profile sporting events from vendors such as EMC; and the
influencing, through one of Chiarello’s direct reports, of the outcome of
Computerworld magazine’s Smithsonian Leadership Award process, of which
Morgan Stanley was a sponsor. (Computerworld is a CIO sister publication.)
“I reported what was basically a kickback scheme going on in IT,” Riel
says.

:: Policies for guarding against misuse of invasive technologies

:: Explaining monitoring policies to employees

:: How to define limits and minimize risks

E-mail exchanges that contained sexual banter and involved Riel’s boss, CIO
Moira Kilcoyne, added to Riel’s conviction that something was wrong at the
top. Believing, he says, that he was doing his duty, Riel claims to have
sent hard copies of the offending e-mails to Stephen Crawford, Morgan
Stanley’s then-CFO, on Jan. 15, 2004, anonymously via interoffice mail.

Riel’s  superiors  vigorously  dispute  his  story. 

First,  according  to  a  Morgan  Stanley  spokesperson, 
the  company  asserts  that  Riel  was  never  authorized  to 
monitor,  read  or  disseminate  other  employees’  e-mails 
“as  he  saw  fit.”  Second,  the  spokesperson  denies  that 
a  package  of  e-mails  was  either  sent  to  or  received  by 
Crawford.  And  third,  after  conducting  an  internal 
investigation,  the  company  maintains  that  it  found  no 
evidence  warranting  disciplinary  action  against  anyone 
identified  by  Riel. 

On Aug. 18, 2004, moments after Riel’s BlackBerry service was shut off,
Kilcoyne, along with a vice president of HR, called Riel into her office.
She told him that he was being placed on administrative leave with full
pay. Morgan Stanley security searched his office and eventually found more
than 350 e-mails on his PC, e-mails of which Riel was neither the writer
nor the intended recipient.

On Sept. 27, 2005, 13 months after being placed on leave, Riel was
“terminated for gross misconduct,” says the Morgan Stanley spokesperson.

Riel  filed  a  $10  million  whistle-blower  Sarbanes-Oxley  suit  and 
a  $10  million  federal  defamation  suit  against  Morgan  Stanley.  In 
June  2006,  the  Department  of  Labor  dismissed  the  whistle-blower 
suit  and  said  it  had  found  no  cause  to  believe  that  Morgan  Stanley 
had  violated  any  part  of  the  Sarbanes-Oxley  Act.  It  also  found  that 
Morgan  Stanley  had  “terminated  other  employees  in  the  past  for 
similar  misconduct.” 

In February 2007, a federal judge dismissed seven of the eight complaints
Riel had filed in his suit. (A small issue concerning compensation was
uncontested.) In a statement, Morgan Stanley said that the dismissal of the
seven complaints and the whistle-blower suit “further confirms that Arthur
Riel’s allegations are without any legal or factual merit.”

Today,  in  light  of  everything  that  transpired,  Riel  says  he  learned 
a  lesson  that  all  CIOs  should  heed:  “It’s  critical  that  IT  departments 
determine  a  policy  for  who  should  have  access  to  what.”  During  his 
time  at  Morgan  Stanley,  he  claims,  “there  was  no  policy.” 

With  Power  Comes  Responsibility 

As the need to broaden access to systems and applications increases due to
business and regulatory demands, so does the potential for malfeasance,
whether it’s your network admin testing the corporate firewall on his own
time and inadvertently leaving it open, a salesperson accessing a
customer’s credit card information or a rogue help desk staffer hell-bent
on sabotaging your CEO by reading his e-mail.


You've Got Trouble If...

Six signs to watch out for

A 2006 study from Carnegie Mellon’s Computer Emergency Response Team (CERT)
center examined the psychological, technical, organizational and contextual
factors that lead to insider sabotage. CERT made six critical observations
about IT staffers who attack their own organizations. So you could be in
trouble if you’ve got...

1. Problem children. Most saboteurs have personal problems (debt,
alcoholism, anger and impulse control difficulties) that contribute to
their malicious acts.

2. Organizational disruption. In most cases, stressful events, including
run-ins with the boss, reorganizations and organizational sanctions,
precipitate insider IT sabotage.

3. Bad attitudes. Behaviors to worry about include tardiness,
argumentativeness, poor job performance and security violations. These are
often observed before and during insider IT sabotage.

4. Insecure systems. Before sabotage occurs, insiders often do things like
create unauthorized backdoor accounts. Acts such as those should put you on
alert.

5. Dicey downloads. If you discover someone downloading password crackers,
chances are, he’s going to use them.

6. Missing locks. Sabotage is facilitated by lack of controls for physical
access (to rooms or buildings) and electronic access (to computing and
network resources). -T.W.

Like good governments, IT departments need checks and balances, and they
need to marry access with accountability. A December 2006 Computer
Emergency Readiness Team (CERT) study on insider threats found that a lack
of physical and electronic access controls facilitates insider IT sabotage.
The situation is even more critical now because new, widely deployed
applications for identifying and monitoring employee behavior have thrust
IT into what was formerly the domain of HR and legal departments. Tom
Sanzone, CIO of Credit Suisse, says he works “hand in glove” with HR,
legal, compliance and corporate auditors, and has formalized an IT risk
function to ensure that all access policies are consistent and repeatable
on a global scale. “Those relationships are very important,” he says. (For
more on building those relationships, see “Partnering for Better Security,”
www.cio.com/article/1046S4.)

Many CIOs have discovered that their new policing role presents the same
challenges faced by the men and women who wear blue uniforms: If people
can’t trust the police—or if something happens that damages that trust—then
whom can they trust? (For how to repair trust once it’s compromised, see
www.cio.com/article/29097.) “If IT does something that they shouldn’t, then
the general employee thinks, I’m going to find a way to get around the
monitoring because we can’t even trust the people in IT,” says David Zweig,
an associate professor of organizational behavior at the University of
Toronto at Scarborough. “It’s a cycle of increasing deviance, which,
unfortunately, could create more monitoring.”

At Network Services Company (NSC), a distributor in the paper and
janitorial supply industry, CIO Paul Roche asserted control over how and
when his IT department can access employee systems and, working with HR and
legal, he has developed a policy for dealing with suspected employee
infractions. For example, the IT policy states that IT personnel can’t
start snooping around employees’ PCs without prior HR approval. “Employees
know we’re not going to look the other way,” says Roche.

Any CIO’s mettle—no matter how rock-solid his policy or relationships—will
be tested when one of his own crosses the line and breaks the trust between
users and the IT department. “The expectation has to be that if you’re
going to give someone authority, at some point it will be misused,” says
Khalid Kark, a senior security analyst at Forrester Research.

“And who will guard the guards?”

Bad Guys and Do-Gooders

Despite Riel’s assertion that Morgan Stanley had no policy for which
systems and e-mail accounts he could access, Morgan Stanley says Riel was
never authorized to do what he did. (No one from Morgan Stanley’s IT
department was made available for this article.)

Morgan Stanley isn’t alone in having to deal publicly with renegade IT
employees. Wal-Mart disclosed last March that over a four-month period one
of its systems technicians, Bruce Gabbard, had monitored and recorded
telephone conversations between Wal-Mart public relations staffers and a
New York Times reporter. “These recordings were not authorized by the
company and were in direct violation of the established operational policy
that forbids such activity without prior written approval from the legal
department,” Wal-Mart said in a statement. In addition, Wal-Mart revealed
that Gabbard had “intercepted text messages and pages, including
communications that did not involve Wal-Mart associates,” which the company
maintains “is not authorized by company policies under any circumstances.”
Gabbard, who was fired, claimed in an April Wall Street Journal article
that his “spying activities were sanctioned by superiors.” Wal-Mart says
that it has removed the recording equipment and related hardware from the
system. “Any future use of this equipment will be under the direct
supervision of the legal department,” Wal-Mart stated.

In February, the Massachusetts Department of Industrial Accidents (DIA)
disclosed that Francis Osborn, an IT contractor, had accessed and retrieved
workers’ compensation claimants’ Social Security numbers from a DIA
database. According to court documents, Osborn accessed 1,200 files and
opened credit card accounts using three claimants’ information, charging
thousands of dollars to those fraudulent accounts. In a statement, the DIA
commissioner said the department was “conducting a thorough review of all
security procedures.” Osborn was fired, arrested and charged with identity
fraud.

Other incidents, however, are less egregiously criminal and therefore
harder for CIOs to evaluate and handle. In February 2006, New Hampshire
officials announced that they had discovered password-cracking software (a
program called Cain & Abel) planted on a state server. Cain & Abel
potentially could have given hackers visibility into the state’s cache of
credit card numbers used to conduct transactions with the division of motor
vehicles, state liquor stores and the veterans home. Douglas Oliver, an IT
employee who in one news report referred to himself as the state’s “chief
technical hacker,” admitted to media outlets that he had installed the
program, saying he was using it to test system security. He said he did so
with state CIO Richard Bailey’s knowledge. (Bailey did not respond to
repeated requests for an interview.) Oliver was placed on paid leave during
an investigation that involved the FBI and the U.S. Department of Justice.

On April 4, 2006, state officials announced that the Cain & Abel program
had never been turned on and that it was “very unlikely” that any credit
card information had been exposed. Oliver, who had never been named as the
IT worker responsible for the incident, was invited to return to his job on
April 25, 2006.


Your Security Toolbox

Enterprise monitoring and filtering

While the market for security applications that monitor and filter
enterprise content is relatively new and small—around $60 million in
2006—Gartner says it is growing. Here’s a sampling of some infosecurity
products CIOs are using today.

iPrism

St. Bernard Software claims iPrism blocks IM and peer-to-peer traffic and
blocks employees from visiting URLs that are phishing sites, contain
threats to PCs or aren’t prohibited by enterprise usage policies.

Metron

eTelemetry says Metron tracks bandwidth usage, surfing and chatting. Its
Locate product passively maps people to the IT infrastructure. Together,
eTelemetry claims its “people-to-IP” matching technology provides
visibility into how each employee is using the infrastructure.

Security

Security claims its appliance passively captures and analyzes traffic into
and out of critical data centers and across corporate boundaries such as
extranets. Security says its “monitors” track all transactions to users to
provide a view of “who” is accessing “what” applications and “where” in the
network.

7

Vontu claims that 7 is the first integrated, enterprise-class data loss
prevention product that identifies “data at rest, data in motion and data
at the endpoint”—meaning on servers, databases and PCs; e-mail, IM and Web;
and removable media such as USBs, CDs and iPods.

Vericept

Vericept says its Risk Management platform gives enterprises visibility
into all insider risk whether inadvertent or malicious. These include
unauthorized access of confidential customer information; document leaks;
unencrypted transmission of cardholder information; the posting of
financial reports and source code; damaging blogs by insiders; intellectual
property theft; and network and e-mail control. -T.W.


Are You Shipshape?

Before CIOs start worrying about other parts of the business, they need to
make sure their own hatches are battened down

RICHARD HUNTER, a vice president and analyst on security and privacy with
Gartner, says that CIOs should regularly run IT security audits on the
“practices and procedures related to IT operations,” including checking on
passwords, logging capabilities, reviewing how systems are monitored and
other access control mechanisms. The audit needs to be an objective
“examination of records by an impartial third party,” Hunter says.

In addition to ensuring that he has appropriate checks and balances in his
IT group, John Halamka, CIO of CareGroup and Harvard Medical School,
retains Third Brigade, a white-hat hacking company, to conduct periodic
vulnerability assessments. Besides providing a checkup on his security
systems, Third Brigade can also tell Halamka what his IT staff could do to
his systems, if they so chose. (Halamka says he’s never had to fire an IT
person for abusing his IT access privileges.)

“What I always say is, if you don’t think you have security problems, you
haven’t looked hard enough,” says Halamka. -T.W.

A more highly publicized incident occurred at Sandia National Laboratories
in New Mexico. After a series of hacks on the lab’s network in 2004, Shawn
Carpenter, a Sandia network security analyst, launched his own
investigation. He eventually linked the attacks to a Chinese cyberespionage
group and also discovered that U.S. government documents had been stolen.
He shared his findings with the Army Counterintelligence Group and the FBI.
In response, Sandia fired Carpenter in January 2005 for, as reported in
Computerworld, “inappropriate use of confidential information.” But in
February 2007, a New Mexico jury awarded Carpenter $4.3 million in his
wrongful termination suit and in the process transformed him from a rogue
IT worker into a national hero. (Sandia is appealing the verdict.)

The  moral  is  that  whether  they’re  dealing  with  a  malcontent,  a 
crook  or  a  conscientious  employee  doing  his  job  to  the  best  of  his 
abilities,  CIOs  need  to  be  alert  to  risks  and  threats  in  their  own 
backyard.  (For  signs  that  there  could  be  trouble  in  your  department, 
see  “You’ve  Got  Trouble  If...,”  Page  30.) 

“It’s  not  the  external  hacker  you  need  to  worry  about  so  much,” 
says  John  Halamka,  CIO  of  CareGroup  and  Harvard  Medical 
School.  “It’s  the  internal  employees  who  have  legitimate  access  to 
the  systems  and  can  do  most  harm.” 

The  Sinful  Six 

Since  the  dawn  of  the  Internet  age,  IT  has  been  aware  that  the  Web 
is  a  Pandora’s  box  filled  with  tools  that  anyone  with  a  PC,  a  network 
connection  and  a  devious  mind  can  employ  to  make  mischief.  But 
now  regulations  such  as  Sarbanes-Oxley,  the  Health  Insurance 
Portability  and  Accountability  Act  (HIPAA),  Gramm-Leach-Bliley 
and  Payment  Card  Industry  (PCI)  data  security  standards  have 
focused  the  non-IT  executive’s  attention  on  what  evils  can  lurk 
alongside  the  business  benefits  IT  can  provide.  (For  more  on  IT’s 
regulatory  compliance  responsibilities,  see  “Your  Guide  to  Good 
Enough  Compliance,”  www.cio.com/article/10275l.) 

“Business management has become much more aware that IT risk is business
risk,” says Richard Hunter, a vice president and expert on security and
privacy with Gartner. Consequently, even companies in lightly regulated
industries have begun to pay more attention to their liabilities and their
user management policies. For employees everywhere, the message is (or
should be) clear: “You don’t have privacy where corporate life is
concerned,” Hunter says. And “corporate security” will always trump “user
privacy.”

This, in turn, has created a more authoritative role for IT departments
as they monitor and dictate what employees can and can’t do
with the technology they provide. A list has emerged in IT circles,
“The Sinful Six,” describing the types of Internet sites that can’t be
viewed at work: those containing pornography, anything promoting
gambling, anything deemed tasteless, hate material, violence and
illegal activities. Roche says visiting any of these sites, along with
any kind of site that is a danger to PCs (exposing them to malware
and spyware), is in direct violation of NSC’s HR policies.

New technologies have also made it easier for IT to identify who
and where the violators are. According to the American Management
Association’s 2005 electronic monitoring survey, 76 percent
of the 526 companies surveyed said they conduct some form of
electronic monitoring. In a recent paper written by the University
of Toronto’s Zweig, it’s estimated that more than 40 million U.S.
employees are subject to some type of electronic performance monitoring,
“such as counting keystrokes, listening in on phone calls,
tracking e-mail and even video-based monitoring of availability.”
(For a list of monitoring tools, see “Your Security Toolbox,” Page
34.) But even though a recent Harris Interactive study of U.S. office
workers found that most employees don’t let the knowledge that
they’re being monitored interfere with their nonwork use of the
Internet (more than half of respondents said they send and receive
personal messages on their work e-mail accounts), CIOs do not
want to be thought of as IT cops. “You don’t want to be the bad guy
who’s enforcing the policy,” says CareGroup CIO Halamka.

Cover  Story  |  Security  Governance 




The  ROI  of  Privacy 

In conversations with CIOs, Forrester’s Kark says he’s discovered
that most companies “don’t want to put in draconian measures
to say that [their company] is going to monitor everything, even
though they have the right to do so.” In those companies that create
cultures with more user-friendly privacy measures, Kark says
that he’s found that there’s a higher level of trust among users and
management.

According to Zweig’s research, monitoring “continues to violate
the basic psychological boundaries between the employer and
employee—one that is predicated on some minimal level of privacy,
autonomy and respect. Once this boundary has been violated, a host
of negative implications are likely, ranging from dissatisfaction and
stress to resistance and deviance.” Therefore, he says, it’s critical
for a company that wants to engender a culture of collaboration
and trust to make it perfectly clear to all employees, both inside and
outside IT, just what IT will and, more important, will not do. “It
should be communicated to everyone in the organization that the
IT department does not have carte blanche,” Zweig says. “It isn’t
open season on people.”

How  to  Monitor  the  Monitors 

And that brings us back to the IT department—those entrusted with
the access, know-how and a front-row seat on all the monitoring
action. In organizations where there is “open season” on employees’
digital wakes, CIOs and analysts say there’s usually an unregulated
“cowboy culture” within the IT department and, most likely, little
trust and respect between management and users. In such organizations,
Forrester’s Kark says he finds that more IT employees have
access to a system than is actually appropriate. At one company, for
example, he determined that 32 employees (including the CIO) had
access to a very sensitive area of the company’s systems when, in
fact, only three people actually needed the access to do their jobs;
the other 29 were superfluous and therefore potential risks. Kark
calls that situation “typical.”

Even  though  anyone  with  PC  access  can  wreak  havoc  on  your 
systems,  research  from  a  CERT  Insider  Threat  study  shows  that 
technology  sabotage  almost  always  comes  from  within  the  IT  ranks. 
In  49  incidents  of  IT-enabled  sabotage  examined,  86  percent  of 
the  perpetrators  held  technical  positions, 
and  90  percent  of  them  had  been  granted 
administrator  or  privileged  system  access 
when  they  were  hired. 

“I worry about the trusted person,” says
Credit Suisse’s Sanzone. “To run an organization
like this you have many trusted individuals
that have access to sensitive things
as part of their job. Probably, your risk is as high or if not higher
[with the trusted person] than with any other.”

But taking some of that power and access away from IT employees
can be a delicate procedure. In the CERT study, 92 percent of
all of the insiders attacked their organizations following a negative
work-related event, such as a dispute with a boss, a demotion or a
transfer. “The people who have had privileged access have enjoyed
the freedom to do whatever they wanted to do,” Kark says. “If you
put in control where there was no control before, there’s going to
be some resistance.”

Network Services Company’s Roche was “somewhat seriously
concerned” about that kind of resistance when he instituted a new
policy for how his IT staffers would monitor employees’ computers.
Each IT staffer received a specific ID and password for tapping into
systems for monitoring and “running a report” on an employee.
Each monitoring event could be initiated only by HR, and every
one would be logged. Roche credits the time he took to explain to
everyone why he was instituting the policy and why it was important
to the company for the fact that he didn’t get the pushback
he anticipated. That, and the perception that “they wouldn’t want
someone doing it to them.”

Kark says there are three key things that CIOs need to make
certain (and communicate to their staffs) when rolling out these
types of policies. First, make it clear who in IT has ownership
and responsibility for each part of the process when any type of
event is triggered by the HR, legal, physical security or compliance
departments. Second, there needs to be a decision tree for how IT
employees will respond to each incident and investigation, with a
detailed analysis of different types of scenarios and the resulting
procedures. And third, CIOs and their staffs should run simulations
and tests on how the processes will play out when an event
happens.

For  all  of  Riel’s  claims  of  whistle-blowing  at  Morgan  Stanley,  it 
was,  ironically,  one  of  Riel’s  subordinates  who  followed  the  proper 
chain  of  command  and  blew  the  whistle  on  Riel. 

Despite Morgan Stanley’s insistence that its procedures functioned
properly, a lot of things went wrong. Of course, a lot of things
can go wrong anywhere, but accepting that inevitability, and planning
for how to handle it, is the key to good security and a lot less
anxiety for CIOs.

“We do everything we can to stay on top
of this,” says Credit Suisse’s Sanzone.
“But sure, I worry.”


Senior  Writer  Thomas  Wailgum  can  be  reached 
at  twailgum@cio.com.  To  comment  on  this  story, 
go  online  to  www.cio.com/104655. 


Surf City

You know your employees are Web surfing at work. For expert advice
on how to manage in that environment, see Internet Surfing at the
Workplace at www.cio.com/article/104600.
To succeed today, CIOs need to invest in tomorrow's leaders

BY  STEFF  GELSTON 


Who  doesn’t  love  a  hero?

When all hell is breaking loose, when the network is crashing
and the servers are smoking, what CIO hasn’t imagined
himself or herself as Superman or Wonder Woman, bravely
reaching into the fire to save the business’s bacon? Admit it:
The fantasy of being the irreplaceable figure to whom everyone
turns for leadership is enthralling, even thrilling.


And being the lone leader is great...if you possess superhuman
powers, such as the ability to be in two places at one
time. But most IT executives understand that they are merely
mortal, and the smart ones understand that no leader stands
alone, that a leader is only as good as his or her team. So the
most successful CIOs make developing leaders at all levels of
their organization a strategic priority.

The 25 men and women who are this year’s Ones to Watch award
winners embody this commitment to empowering leadership within
IT. With this award, CIO magazine and the CIO Executive Council
recognize both IT’s rising stars and the CIOs who nurtured them.
And with the Standout award, we honor those winners who have
excelled in leading innovation, business strategy, project execution,
team building or organizational change. (Find Standout
winners on Pages 44-52.)

Inculcating these skills in an organization takes time, thought
and commitment. The CIOs of Motorola, BT and Direct Energy
share their strategies in “How to Unleash Your Leaders” (Page 42).
Mid-market CIOs discuss their own leadership issues in “The
Mid-Market CIO: What Are the Challenges?” (Page 56).

So what do the CIOs of tomorrow want from their leaders
today? CIO’s poll of the honorees found that 95 percent
believe their CIOs should spend less time playing
Superman and more time managing and developing staff. For full
survey results (and to benchmark against those CIOs who inspired
our winners), go to www.cio.com/onestowatch.

Congratulations to our honorees and their CIOs. They may not be
superheroes, but they’re achieving super results.


ON THE WEB

To learn why this year’s honorees were selected, check out the
winners’ slideshow.

Columnist John Baldoni riffs on Ones to Watch themes, including
staff and leadership development.

All this and more at www.cio.com/onestowatch
How to Unleash Your Leaders


CIOs  who  want  to  succeed  as 
business  partners  and  strategists  can't  do  it  alone. 
Success  requires  unshackling  the  leaders  within  your 
IT  organization  and  letting  them  run. 

BY  STEPHANIE  OVERBY 


Motorola CIO Patty Morrison sleeps well at night. She takes real vacations.
She has time to think. It doesn’t sound like the typical description
of life as a CIO, particularly an IT leader at a $42 billion
company in the midst of a major reorganization in the acutely
competitive communications equipment market. Truth be
told, there may be a little hyperbole in Morrison’s self-portrayal.
Her plate is full. She determines long-term IT strategy,
works closely with executive peers to decide the right direction
for the company, and travels the world to communicate the
corporate mission to the enterprise and its customers.

Reader ROI

:: Why CIOs need to make leadership development a priority

:: How to create a culture of leadership

:: Tactics for encouraging leaders at every level


But when it comes to the day-to-day operation and success of her 2,200-person technology
department, Morrison’s concerns are few. She doesn’t get middle-of-the-night
calls about network outages. She’s not putting out IT fires instead of eating lunch. When
Motorola created a new integrated supply chain division that IT had to support, Morrison
barely broke a sweat. She sought out Ones to Watch (OTW) winner Cathie Kozik,
corporate VP of IT, supplied her with the necessary resources and watched her create
an  effective  IT  group  from  scratch.

Morrison’s not lucky. Like most successful CIOs today, the 25-year
IT veteran makes a concerted effort to foster leadership at all
levels of her IT organization. She knows that the benefits of
pushing accountability for IT success further down the org chart
go beyond personal perks like getting a good eight hours of sleep.
And it’s not just succession planning we’re talking about. CIOs
who want to succeed as business partners and strategists can’t
do it alone.

“A CIO has a lot of priorities. As a general rule, they should
spend at least half their time outside the four walls of their own
organization,” says Susan Cramm, IT leadership expert and
founder of Valuedance. “You start thinking about how that can
happen and you realize, ‘Hey, wait a minute. CIOs need to think
about how to drive accountability down.’ It’s a key issue.”

Otherwise talented CIOs who don’t cultivate, empower and reward
leadership in their departments risk creating a rocky relationship
between IT and the business and dooming themselves. “A CIO who
is not able to empower other leaders will have a difficult time
fulfilling his role,” says Steven Agnoli, Ones to Watch judge and
CIO of law firm Kirkpatrick & Lockhart. “The CIO is never the
successful one. Your success is almost entirely related to the
success of the people within your group.”

Indeed, an employee’s leadership failure becomes yours as well.
“There are some IT organizations where the business feels quite
comfortable with the CIO and maybe even his or her immediate
reports,” says Forrester VP Laurie Orlov. “But a level down,
they’re not. That leads to concerns about the long-term direction
of IT.”

STANDOUT WINNER

The Change Agent

Vince Mancuso, deputy CIO of the Air Force Reserve Command
(AFRC), says it’s hard to say which came first—his role as a
leader or as a change agent—but there is a symbiotic relationship
between the two. His most significant achievement is turning around
the ReserveNet initiative, a Web-based system for managing scheduling and
readiness training of Air Force Reserve personnel. Within three months he
assembled a technical team, built and fixed failed applications, and stabilized
the infrastructure. He also restored confidence in IT’s ability to deliver core
mission applications to frontline users. Mancuso says the successful execution
of ReserveNet’s turnaround comes from his ability to identify a challenge
and then articulate a plan that all stakeholders can understand and buy in to.
It doesn’t hurt that he is fluent in business and technology, which is critical to
any transformational leader. “You don’t have to be the expert, but you need to
be conversant at all levels,” he says. Adds Col. John Hayes, AFRC’s CIO, “He’s
an effective change agent that translates vision into focused solutions that
streamline our organization.” -Katherine Walsh

Tip: A change agent’s power is derived from the stakeholders.
Without valuable solutions, that power becomes insignificant.

For Morrison, IT leadership development is just as important as
other strategic priorities such as determining long-term IT plans
and collaborating with peers on corporate strategy. Maybe more so.
“Spending a lot of time on developing talent is the only way to
be sure I can execute well,” she says.

Cultivation 

CIOs who hope to cultivate leaders throughout their organizations
must first clearly define the characteristics they’re looking for
in standouts. For Morrison, it’s pretty simple. “One of my
favorite characteristics of leadership is courage,” she says.
“It means being able to take the right risks.”

What she seeks in her staff is the opposite of what she encountered
when she joined Motorola as CIO in 2005. IT employees in the
European division were struggling with an underperforming vendor,
and Morrison flew across the pond to assess the situation.
“I found they were waiting for someone else to come in and fix it
for them,” she recalls.

“There should be opportunities for people everywhere in IT to
create a difference,” says Cramm. “But you have to create a culture
that enables people to step up and see leadership as their role.”
As a CIO herself, Cramm once inherited an IT organization with an
excess of “institutional whining” and a seeming scarcity of
leadership. “I told them that if they were going to bring a problem
up, they had to be willing to take a leadership role in fixing it,”
she says. “If they could offer some solutions, I would write checks
and arrange for resources.” What emerged were employees at every
level willing to lead.

BT CIO Al-Noor Ramji values employees who aren’t buried in their
own work and have a broader view, like his director of customer
experience and OTW honoree Ian Rosarius. Ramji himself juggles
two roles—CIO for BT Global and CEO of BT Exact, the company’s
research and technology arm. “I sometimes hire people without
100 percent clarity of what role they will do,” admits the CIO
of the $34 billion telecom company. “But I know they will bring
value.”

“Leadership has very little to do with job title,” seconds Cramm,
“and everything to do with orientation.”

So are good leaders sitting in your own IT organization in full
bloom just waiting to perform? That’s a matter of debate. But at
Direct Energy, there’s at least as much nurture as nature involved.
Kumud Kalia, CIO of the $7.6 billion energy company, gets great
satisfaction from watching his IT leaders outperform expectations
but acknowledges other motives are at work. “I have two jobs. I
lead the IT function of the company. But as a member of the
executive committee, I have a say in how the company is managed,”
says Kalia. “So I need my employees to step up and do more.”

“CIO  roles  are  more  and  more  about 
delivering  business  value,”  agrees  Andy 
Walker,  research  director  for  Gartner 
Executive  Programs.  “CIOs  are  assessed 
by  the  credibility  of  their  department. 
They  want  that  breadth  of  perspective  at 
the  level  below  them  and  the  next  level 
and  all  the  way  down.” 

To that end, Kalia actively broadens the horizons of his 330 IT
employees. “I believe in stretching individuals in ways they
haven’t thought about stretching themselves,” he says. According
to CIO’s survey of the 2007 Ones to Watch award recipients,
95 percent said stretch assignments have been very or extremely
effective in their leadership development.

One way to encourage a wider view is through job rotation programs.
To that end, Kalia encourages diverse tours of duty. “Developers
spend time in the architecture group, project managers rotate
through the business transformation group,” he says. “It puts them
in a context they haven’t operated in before, exposes them to new
lines of business.”

Sometimes cultivating leadership can be as simple as educing a
stretch in thinking. “I’ll say, ‘Hey, that’s what you’re doing in
terms of your IT job. But what about what we’re doing as a
company?’” “That’s a stretch if all they think they have to do is
develop an application.” He pushes his employees to follow through
to the logical business end. “Are people using the system? If not,
why not? I want them to go that last mile. Then they start to own
the business outcomes.”

STANDOUT WINNER

The Business Strategist

Marc Hamer infuses a strong business sensibility into
his role as acting VP and CIO for Raytheon’s Intelligence
and Information Systems. This honoree also
rejects traditional notions about technology’s role
as a supporting player to the business. “I don’t
see IS as a support organization—it is a clear
discriminator for our company to gain revenue,”
he says. Hamer uses his business background
(stints in finance, business development and
product development teams) to reshape his organization
around business growth. “I run [IS] as if I were
the owner of my own business,” he says. “That way, I can achieve success
and continue to be a key player at the executive leadership level and let
them know the business can’t be successful without IT.” His go-to-market
strategies have created new business opportunities by reusing traditional
vendor products and technologies and applying them to solve customer
problems. This approach has led to the introduction of new products or
new features to existing products, saving the customer time and money
and proving IT’s value to the business. -K.W.

Tip: Think of yourself as a leader who is as important as the CEO.
Then run your IT shop like a business.

STANDOUT WINNER

The Team Builder

Elizabeth “Rock” Rockowitz, executive director
at the University of Miami’s Miller School of
Medicine, believes strong teams create strong
employees who aspire to reach higher goals and
meet tough challenges. “Creating a path for the
team and supporting the group with a clear vision
of the end goal is the first step for a leader,” she says. The belief that each
member of a team needs to fit into the organization so that their strengths
can shine is at the heart of Rockowitz’s leadership philosophy. That includes
“making sure their managers and supervisors are setting them up for success,
not failure,” she says. Rockowitz has established teams that work across
the organization, demonstrate a “phenomenally” low turnover rate (no small
feat as the talent wars heat up) and an ability to deliver projects such as the
Health Management Engineering Division, an in-house consulting service
that helps hospitals and clinics associated with the medical school realize
the benefits of technology-enabled workflows. Respect and business leader
loyalty are the result of her personal and team communication process and
prompt execution of deliverables. -K.W.

Tip: Teams need to know that what they do is important and that it has a
positive effect on the organization.

Kalia stretched OTW honoree and VP of IT Hugh Scott, charging him
with establishing a new form of IT governance for the company’s
Texas subsidiary. No technical slouch, Scott started his career as
a developer, taking on progressively more senior roles and
earning a PhD. But he’d expressed an interest in expanding his
business-IT understanding. Scott ultimately created a
decision-making forum called the Business Advisory Committee (BAC).
It was such a success that the BAC model has been adopted
enterprisewide, and Kalia credits Scott with strengthening
IT’s overall credibility.

Kalia  was  involved  throughout,  but 
only  as  Scott’s  mentor.  “I  talked  to  him 
for  30  minutes  every  week.  Sometimes 
he’d  ask  for  advice  and  I’d  offer  it.  Other 
times,  I  let  him  make  his  own  mistakes,” 
says  Kalia.  “I  do  that  with  all  IT  leaders, 
not  just  those  in  management.”  In  fact, 
73  percent  of  Ones  to  Watch  winners 
value  one-on-one  coaching  as  being 
effective  in  leadership  development. 

But,  says  Kalia,  it’s  critical  to  leave 
space  for  those  “breakthrough  moments” 
burgeoning  leaders  have  to  experience 
firsthand.  “They’re  rites  of  passage— 
those  transcendental  moments  when 
you  realize  you  can  stretch  yourself,”  he 
says.  “You  just  have  to  keep  presenting 
them  with  opportunities  to  get  it.” 


Empowerment 

Cultivating leadership and empowering leadership may sound the
same. But the former involves eliciting the leadership qualities
that exist in employees. Empowerment means giving them the
tools they need to succeed. Chief among those is a clear picture
of IT’s mission and their role in it.

“This requires far more specificity in defining the behaviors that
lead to success than is typically given in the IT department,”
says Emmett C. Murphy, author of Talent IQ. “Ironically, to these
IT professionals—often very systematic thinkers—we typically say,
‘Go do your thing.’ That’s not empowerment, that’s irresponsible
leadership.”

The CIO’s job is to make certain all employees have an almost
visceral understanding of IT objectives. For BT’s Ramji, it’s right
there in his own job description: “My role is to provide the
vision, empower employees to understand the vision and how to
apply the vision to their daily decisions.” Currently, BT is
focused on transforming customer service across all products
and customer segments. The corporate mantra? Do things right the
first time and in as little time as possible. “It makes it easy
for all of our people to know if they’re doing the right thing,”
says Ramji. “They only have to ask, Will
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STANDOUT  WINNER 

The  Innovator 

Innovation  requires  creativity  and  a  certain 
level  of  risk.  “The  greatest  innovation  chal¬ 
lenges  are  often  not  technical,  but  [have  to 
do  with]  the  ability  to  embrace  change,”  says 
Wayne  Haughey,  director  of  systems  engineer¬ 
ing  at  Pulte  Homes.  Haughey’s  talent  for  innovation  has  shown  itself 
in  his  ability  to  conceive  and  lead  projects  at  Pulte  that  drive  business 
value  for  the  company  and  break  new  ground  in  the  IT-shy  homebuild- 
ing  industry.  He  says  he  has  pushed  the  envelope  by  first  assessing  the 
company's  readiness  for  innovation  before  unleashing  an  initiative. 

This  approach  has  helped  him  successfully  implement  projects  that  are 
industry  leaders,  including  the  Global  Integration  Factory,  which  central¬ 
izes  and  controls  all  data  for  Pulte  Homes  for  a  cost  savings  of  $10  mil¬ 
lion  annually;  Pulte  Home  Builder  Suite,  the  first  enterprise  homebuilder 
ERP  suite  in  North  America;  and  the  homebuilding  industry’s  largest 
sales  process  and  sales  system  integration  of  lead  management,  cam¬ 
paign  management  and  CRM,  delivered  through  Siebel  OnDemand.  CIO 
Jerry  Batt  cited  Haughey  for  “driving  industry-leading  innovation  and 
change  through  the  entire  corporation”  while  building  IT's  credibility  as 
a  trusted  business  partner.  -K.W. 

3  Tip  Continuous  assessment  and  improvement  is  the  key  to  making 
innovation  work. 


this  increase  our  ‘right  first  time’  per¬ 
centage  or  reduce  cycle  time?” 

“I try to create an environment where the communication is so tight that
people not only know what to do in any given situation but how what they’re
doing links into the bigger picture,” says Motorola’s Morrison. Each year,
she brings the company’s top 100 IT leaders together to discuss strategy
and goals. “It allows people to think creatively about what they can
personally do to make a difference,” she says. Motorola IT currently has
three goals: creating business value, reducing complexity and increasing IT
value. “There should be no reason you don’t have a clear line of sight from
your role to those three objectives,” she says.

That  clarity  empowers  IT  leaders 
to  move  independently.  “The  CIO  can 
push  decision  making  down  if  you  have 
some  kind  of  measure  of  what’s  going 
on  in  business  and  how  IT  aligns  with 
that,”  says  Gartner’s  Walker.  “People 
can  make  decisions  to  achieve  without 
having  to  refer  everything  up  the  chain 
of  command  and  back  down  again.” 

Empowering leaders also means giving them tools for success, from equipment
to people. “If I ask [my employees] what they need, I have to deliver it,”
says Morrison. When Morrison gave OTW winner Kozik the chance to set up a
new IT group, she had to give her more than a new title and a raise. “I had
to force organizational change to give her people to do the work, make
prioritization decisions to make sure the money was there, make sure she
had access to the finance, HR resources she needed to build a strong team,”
says Morrison.

Fully  armed,  Kozik  built  not  only 
a  new  IT  group  but  good  standing 
with  a  new  line  of  business.  Her  team 
improved  supplier  integration  times, 
reduced  downtime  by  more  than  40 
percent  and  delivered  a  digital  supply 
chain  dashboard  for  mobile  devices. 
“She’s  working  for  the  business,”  says 
Morrison.  “And  I’m  working  for  her.” 

But sanctioning leaders at all levels also means allowing for less than
stellar results too. It’s all part of creating an open environment that
encourages people to take leadership risks. “I tell my people, ‘I’ll
forgive you for anything except not trying,’” says BT’s Ramji. But for it
to work, Ramji has to walk the talk. “If I tell my people, ‘Be bold. It’s
OK to fail,’ then I need to be honest when things haven’t worked the way I
had hoped.” To that end, he makes all scorecards for IT available to
everyone in real-time and uncensored.

Rewards 

All that openness can be a little frightening, even for the steeliest new
leader. But courage has its rewards. For example, every IT project team at
BT commits to a 90-day review of their work. At the end of that period, an
independent team consults with the line-of-business customer to find out if
the work met the new business imperative: Was it delivered right the first
time? If so, the team receives a quarter of the annual bonus right away
instead of at year end. “That links rewards to leadership and delivery,”
says Ramji.

Ian Rosarius, 37
Director, Customer Experience
BT Group

Cold hard cash isn’t the only motivator of leadership. In addition to the
“money and equity” rewards system in place at Motorola, Morrison also
recognizes good change management throughout her organization, not just
schedule and budget metrics. She also measures performance against IT’s
other objectives—business value realization and reduced complexity—and
highlights those accomplishments.

“The tendency in IT is to want to reward heroism. Something broke and we
worked 24/7 to fix it,” says Morrison, who makes sure to call attention in
Motorola’s “town halls” and other meetings to those projects whose outcome
is the less-than-sexy “no disruption.” She says, “My goal is to reward
preventive heroism.” Morrison also knows that outside recognition is
important and isn’t shy about prodding IT users—from a customer service
employee to the CEO himself—to make his gratitude plain. “I tell them it
would mean an enormous amount to this person for you to acknowledge what
they accomplished,” she says.

Top of mind for leaders at any level of the IT organization is career
growth. Unfortunately, that’s the area where CIOs are most likely to
underdeliver. And it’s not always for lack of trying. Morrison spends a lot
of time talking to her employees about what they want from their careers
and why. “If they’re passionate about something, they’re likely to be
courageous and thus influential leaders,” she says. “But it’s hard if they
can’t articulate that.”

Coaxing that information out of employees is the most difficult part of the
“CIO as leadership developer” job. “Coaching is the most powerful and
underused capability. CIOs need to develop it in themselves and their own
leaders,” says Cramm. “A good CIO will say, Let’s figure out what your
capabilities are and understand how we can bring your unique gifts and
talents to the organization.” CIOs who can do that get to the leadership
development “sweet spot,” says Cramm, where the goals and values of the
enterprise and individual meet.

At Direct Energy, disciplined talent review processes have always been in
place. But that hasn’t stopped the CIO from taking the process even
further. “We ask anyone who’s been in a role for two years, What do you
want to do now?” says Kalia. “We make sure there are paths for each person
based on their needs.”

STANDOUT WINNER

The Project Driver

Tight deadlines, demanding stakeholders and bumps in the road don’t faze
Perrysi Ashmore, deputy CIO of the Federal Acquisition Service, U.S.
General Services Administration (GSA). When it comes to project delivery,
Ashmore has scored successes, such as last October’s successful launch of
the HSPD-12 managed service, a standard for secure and reliable
identification and authentication through cards issued to federal employees
and contractors. However, Ashmore says, things don’t always go as planned.
For instance, it took him eight months to convince the GSA’s Federal
Technology Service that its SAP implementation couldn’t deliver as expected
and should cease. In a case like that, “you roll up your sleeves, get in
there with them, show them that you’re part of the solution and will be
there even when things aren’t going well,” he says. As program manager for
the reverse migration, he led the restructuring of the SAP environment from
more than $3.1 million per month to less than $250,000 per month; this
resulted in improving the progress made in the transition away from the SAP
legacy environment. This high-profile, high-risk project is nearing
successful completion. -K.W.

Tip: Consider what's possible, then give people a vision of what they
need to achieve and how they can hit that target.

Hugh Scott, 36
VP of IT
Direct Energy

Bharat Sethi, 46
Senior VP

Jane Shaffer, 37
VP of IT, Business Intelligence and Relationship Management

Angie Wiskocil, 54
Senior VP
Mass Market Systems
AT&T Services

Jack Yeh, 43
Director, Information Technology Programs
Northrop Grumman

How We Chose the Winners

To qualify for the 2007 Ones to Watch award, candidates had to be nominated
or sponsored by a CIO. A 31-member panel of working CIOs and the CIO
Executive Council reviewed and rated the applications. Three CIOs scored
each nominee on several criteria, including expertise in a range of
business and IT functions, experience in leading a large project or
conceiving a new business product, and ability to turn around a troubled
project or organization. After a final due-diligence review by CIO’s
editors, we chose the 25 Ones to Watch. To select the winners of the Ones
to Watch Standout awards, the editors reviewed the applications and judging
scores of all the finalists to determine which candidates showed an
outstanding aptitude for business strategy, leading change, team-building,
driving projects or innovation.

Kalia has created half a dozen new leadership roles on his senior
management team to accommodate the talents and interests of his best and
brightest. “You don’t always have to manage through tasks and milestones,”
says Cramm. “With promising leaders, you can just create space in front of
them. If it plays into their interests, they will fill up that space.”

Kalia also recognizes that he has strong leaders on his team who don’t want
to be in senior management. “People can lead in different ways,” says
Kalia, who’s divided his management organization into two streams—technical
specialists and leaders of people—that are parallel right up to the senior
level. “You can take a promising technical person and really screw up their
career by promoting them into senior management. Instead, we let them be
technical leaders. They know a certain part of the business inside and out.
And they’re still setting directions for the company the way senior
management leaders do.”

CIOs who are skilled at cultivating, empowering and rewarding IT leaders
will see their efforts come full circle. The leaders they’ve encouraged
will themselves encourage new leaders. Direct Energy’s OTW honoree Scott is
involved in cultivating top talent from tech grad schools. The first four
members of Scott’s program graduate next year. That 90-day review and
reward process at BT? That was developed by OTW winner Rosarius.

Back  at  Motorola,  Morrison  has  seen 
16  of  her  IT  leaders  go  on  to  become 
CIOs  at  other  companies.  Then  there’s 
her  OTW  winner  Kozik.  Her  role  now 
even  encroaches  on  Morrison’s  core 
responsibilities,  with  Kozik  developing 
a  two-  to  three-year  strategic  vision  for 
the  integrated  supply  chain  group. 

“I have strong leaders,” says Morrison. “I tell people, I can sleep at
night now. I do have times when I am bored and my team will tell me to go
take a vacation. But those are good problems to have.”


Reach  Senior  Editor  Stephanie  Overby  at 
soverby@cio.com.  To  comment  on  this 
story,  go  to  www.cio.com/onestowatch. 


CIOs  want  business-savvy  senior  staff,  but  these  folks  are  hard 
to  find.  IT  leaders  and  Ones  to  Watch  winners  Cathie  Kozik  of 
Motorola,  Hugh  Scott  of  Direct  Energy  and  Jack  Yeh  of  Northrop 
Grumman  will  discuss  the  importance  of  BUSINESS  SKILLS, 
how  to  acquire  them  and  how  to  apply  them  in  this  open  CIO 
Executive  Council  teleconference  on  May  15  from  12:00-1:00 
p.m.  EST.  Register  with  Rick  Pastore  at  rpastore@cio.com. 
THE JUDGES: All nominees were critiqued by three members of our judging panel.
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The  Mid-Market  CIO 


What  Are  the 


hall 


GERRY 

MCCARTNEY 

CIO  and  Interim  VP  for  IT 
Purdue  University 

Based  in  West  Lafayette,  Ind., 
Purdue  is  a  public,  four-year 
institution  of  higher  education. 


GARY  THOMSON 

CIO  and  SVP,  Choice  Hotels 

A  hospitality  corporation  with 
a  portfolio  of  hotel  brands 
including  Comfort  Inn, 
Clarion  and  EconoLodge. 


Tight budgets. Leadership churn. Meeting the demands of the business. Ones
to Watch CIOs share their secrets for addressing these issues in mid-market
organizations.


BY  KATHERINE  WALSH 


JOHN  HAYES 

CIO,  Air  Force 
Reserve  Command 

A  major  command  of  the 
U.S.  Air  Force  with 
headquarters  at  Robins  Air 
Force  Base  in  Georgia. 


SUE  POWERS 

CIO  and  SVP,  Worldspan 

Provider  of  travel  technology 
services  for  industry 
suppliers,  agencies, 
e-commerce  sites  and 
corporations. 


GERRY  MCCARTNEY 
Purdue University is in a somewhat unique position when it comes to
mid-market challenges. Although we are a mid-market organization, we are
also the biggest IT employer in our area. So we can act like a big dog.


The  biggest  challenge  I’ve  faced  as  a  mid-market  CIO  is  churn 
at  the  leadership  levels  within  IT.  It  is  absolutely  true  that  you  are  only 
as  good  as  your  people.  So  hiring  the  best  people  you  can  get  is  critical  to 
the  organization.  The  best  people  are  smart,  can  pick  up  new  ideas  and 
concepts  quickly,  and  have  energy,  focus  and  motivation. 

Once you get the best employees, you need to be able to retain them. That
means having very clear staff development models. You need to make it
attractive for your best individual contributors to stay in your
organization.

One of the ways I’ve overcome this challenge is by giving top-performing
senior managers more significant development opportunities, such as major
projects and external exposure. This allows them to experience their own
career growth, which is essential to succession planning.

I’m  not  really  aware  of  any  other  particular  challenges  from 
being  a  mid-market  CIO.  I  do  believe  that  to  succeed  as  a  leader 
you  need  to  know  what  drives  your  industry  and  therefore 
your  organization.  That’s  the  first  step.  The  second  is  to  focus 
all  the  resources  you  can  on  those  drivers.  Along  those  lines, 
a  close  relationship  to  the  business  is  essential.  When  IT  has  a 
major  proposal,  you  need  to  test  it  against  your  core  business 
drivers.  The  CIO  also  needs  to  make  sure  all  managers  and 
staff  understand  how  what  they  are  doing  relates  to  those  core 
drivers.  So  at  least  twice  a  year  you  need  to  strategically  review 
your  actual  projects  to  ensure  that  you’re  staying  focused  on 
your  industry  and  company  drivers. 

I  think  this  is  what  any  leader  should  do  regardless  of  the 
size  of  the  organization. 


GARY  THOMSON 
Choice Hotels International is a total franchise company. Our franchise
revenue figures may put us in the mid-market category but we are bigger
than that from an IT perspective. The information systems department
supports a $5 billion enterprise with over 5,300 hotels located in the
United States and internationally.

My number-one concern is trying to provide all the systems capabilities
desired by the other business units as quickly as they want them, but to do
so within Choice’s IS architectural framework. In order to be as effective
as possible, it is important that our systems are well integrated. That
allows us to provide consistent, easy-to-use functions to our guests and
our franchisees across the enterprise. The tension we feel is to get
projects done quickly while staying within a consistent information systems
architecture.

I suspect, however, my key challenges are similar to those of other CIOs,
whether they are with large or small companies. Choice, like many
companies, is highly dependent on IT. Our business model is to provide a
set of marketing and sales distribution services to our franchisees at a
price point that makes them profitable. Increasingly, those services are
becoming IS and technology dependent. Hiring and keeping the appropriate
staff is the number-one leadership challenge. We appeal to potential hires
by convincing them that there are a lot of exciting technical challenges
here at Choice and that it’s a good career move for them to learn and grow
their skill sets. Moreover, a good technology environment with a positive
attitude toward innovation helps us retain good employees.

My leadership style is to keep a collegial, relaxed environment despite the
need to move quickly to meet the demands of the business. I try to make
sure that I give my staff authority when I give them responsibility. If a
person does well, I want them to get the recognition. If someone messes up,
I never berate them. Rather, I try to use the situation as a learning
opportunity for personal and team growth.

I  manage  in  a  quiet,  supportive  mode.  I  want  people  to 
feel  like  they  can  try  out  new  ideas,  be  innovative  and  be 
recognized  for  their  innovation.  Other  than  that,  I  try  to  lead 
with  integrity,  candor  and  trust. 


JOHN  HAYES 
As the CIO for the Reserve Command (AFRC), I divide my responsibilities
into three major areas: providing core information technology services to
reservists at 17 host locations, using IT to make AFRC better, and
providing combat-ready communications and information capabilities to the
war fighter. The primary challenges we face are balancing access to the
AFRC network against securing it from outside attacks, maintaining a
qualified workforce and looking for opportunities to reduce service costs.

My  largest  leadership  obstacle  was  entering  the  job  as  an 
outsider.  I  am  actually  an  active-duty  Air  Force  officer  and  had 
never  dealt  with  AFRC  before  in  my  25-plus-year  career.  When  I 
arrived  at  our  headquarters  in  July  2005,  none  of  the  senior  staff 
knew  me,  and  I  didn’t  know  any  of  them.  It  took  me  until  a  few 
months  after  my  arrival  to  feel  like  I  was  part  of  the  team. 

My  previous  jobs  gave  me  technical  credibility,  but  I  had  to 
earn  the  senior  leader  trust  before  I  could  be  effective  as  the 
Reserve  Command’s  CIO.  I  earned  this  trust  by  not  being  the 
IT  geek  but  instead  learning  the  uniqueness  of  the  Reserve 
Command  mission,  establishing  personal  relationships  with 
my  fellow  senior  staff  and  visiting  many  of  our  45  locations. 

As  I  think  about  the  secrets  of  my  success  in  a  mid-market 
organization,  I  don’t  feel  any  of  them  are  earth-shattering.  I 
try  to  surround  myself  with  people  who  are  smarter  than  me 
(not  a  difficult  task).  I  make  sure  that  we  don’t  hire  people 
who  match  the  skills  we  already  have.  For  instance,  when  I 
was  hiring  my  deputy,  I  hired  an  individual  without  a  strong 
IT  background  but  who  had  a  very  strong  Reserve  Command 
operations  background,  unlike  me.  I  tend  to  hire  people  who 
I  periodically  have  to  rein  in  because  I’d  rather  have 
an  overly  aggressive  staff  than  one  that  needs  to 
be  kick-started  every  once  in  a  while.  I’ll  gladly 
fix  the  broken  glass  that  comes  with  aggressive 
individuals. 

From  a  personal  standpoint,  I’ve  had  to  shift 
my  focus  from  the  “tyranny  of  the  immediate”  to 
a  longer-range,  more  strategic  perspective.  If  I’m 
not  working  a  couple  of  issues  that  will  take  one  to 
two  years  to  complete,  I’m  being  too  short-sighted. 

SUE  POWERS 
Worldspan provides travel technology services for industry suppliers,
agencies, e-commerce sites and corporations. But as a mid-market company,
we don’t have an unlimited IT budget. Our challenge was that too often
customers would assume that IT couldn’t support an initiative, had problems
or wasn’t delivering.

To overcome those negative perceptions, we implemented a monthly Balanced
Scorecard and quarterly portfolio reporting. This gives us an opportunity
to present a balanced picture of performance, show what has been delivered
and what is being worked on, and sets up an opportunity to discuss issues
and plans with stakeholders. This dialogue and reporting ensures the
customer is informed and involved in setting priorities and making
resources decisions. We never say no. We present options and let the
customer make the trade-off decision.

There are several critical success factors that have helped me as an IT
leader of a mid-market company. One of the most important is to motivate my
staff. To engage the staff, they need to understand the value IT delivers
to the organization. They also need to know how what they are doing fits
into the overall strategy of the company. They need to have well-documented
processes and standards so they know what is expected and have the
opportunity to have challenging and meaningful assignments.

A great way to do this is to develop an IT strategy map that flows from the
company strategy. The strategy map illustrates the IT value and the linkage
between objectives and initiatives. It helps us balance the various
perspectives: what we are trying to do in terms of IT value and user
satisfaction, how we do it and preparing for the future.

The frontline managers have a huge role when it comes to the linkage
between IT value and delivery. They know what the organizational issues are
and how to solve them. I found that listening to the managers and having
them lead projects to improve processes and performance can deliver
solutions far superior to top-down problem solving.

Another key to leadership is to keep employees encouraged and happy. We
recently implemented a new “pay for performance” program that provides more
than the annual merit and profit-sharing bonus. We also have spot awards,
skills improvement salary increases, bonus opportunities throughout the
year, an employee-of-the-week parking spot and so on. These programs help
us reward good work all year long and keep the staff motivated.


Contact  Associate  Staff  Writer  Katherine  Walsh  at  kwalsh@cio.com. 
To  comment  on  this  story,  go  to  www.cio.com/onestowatch. 
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The  Origins  of  Geek 


The  words  we  use  shape  our  thoughts.  Here’s  where 
those  words  come  from. 


to  block  the  splatter.  And  that’s  why 
that  set  of  gauges  on  the  screen  in 
front  of  you  is  a  dashboard  too. 


In  the  1800s,  New  England  loggers  took 
bales  of  hay  into  the  forest  with  them  to 
feed  their  horses.  These  bales  were  bound 
with  thin  wire  that  was  also  used  to  make 
small  repairs  to  the  loggers'  equipment. 
The  more  that  stuff  broke,  the  more  wire 
the  loggers  needed.  If  they  ended  up 
using  a  lot  of  wire,  they  were  derisively 
called  haywire  outfits.  Linguistically,  the 
fix  (the  wire)  merged  with  the  breakdown, 
and  a  process  that  needed  a  lot  of  fixes 
is  said  to  be  going  haywire,  as  many  of 
your  gadgets  are  surely  doing  right  now. 


Before  sentencing  a  prisoner  to  death  in 
ancient  Ireland,  the  judge  would  don  a 
"cap  of  death”  or  c/e  bais.  In  Gaelic,  c/e 
bais  is  pronounced  ky-bosh.  Now  you 
put  the  kibosh  on  expensive  software 
projects  going  nowhere. ..like  those  Wi-Fi 
kiosks  that  would  provide  public  access 
to  the  network  dashboard,  especially 
after  you  read  a  pundit’s  two  cents’  worth 
in  a  white  paper  on  one  soup-to-nuts 
deployment  that  went  haywire  because  of 
shoddy  development  practices  by  geeks. 


In  the  circus,  a  performer  who  sank 
sufficiently  low  would  do  horrible 
things  (like  biting  the  heads  off  live 
chickens)  for  booze  money.  That  poor 
soul  was  called  a  geek.  How  it  came 
to  describe  techies  is  unknown. 


During  the  Civil  War,  the  cheapest  cigar 
you  could  buy  cost  two  pennies.  “Two- 
center"  cigars  became  synonymous  with 
cheapness,  and  by  the  late  1800s,  people 
who  wanted  to  project  faux-humility 
would  offer  their  two  cents’  worth,  and 
they  still  do  in  your  meetings  today. 


In  the  1600s,  a  formal  meal  would 
start  with  eggs  and  end  with  apples. 
Thus,  the  meal  went  from  eggs  to 
apples.  By  the  mid-20th  century,  meals 
began  with  soup  and  ended  with  fruit 
and  nuts,  which  is  why  you  manage 
ERP  projects  from  soup  to  nuts. 


A  scandal  erupted  duringthe  Civil  War 
when  some  textilers  sold  the  army  uni¬ 
forms  made  out  of  the  scraps  left  over 
from  their  wool-making  processes.  This 
cheap  fabric  was  called  shoddy.  In  no 
time  the  noun  turned  into  an  adjective, 
which  is  why  you  tell  your  develop¬ 
ers  that  they  write  shoddy  code. 


In  Victorian  England,  policy  and  leg¬ 
islation  were  delivered  to  Parliament 
in  gigantic  books  with  blue  covers 
called,  not  surprisingly,  Blue  Papers. 


Lesser,  shorter  government  busi 
was  delivered  in  smaller  books  with 
white  covers.  That’s  why  IDC  sells  you 
a  white  paper  and  not  a  blue  paper. 


Speaking  of  England,  Brits  who  trav¬ 
eled  there  met  Hindi  scholars  who 
taught  religion  and  law.  They  were  known 
as  pandits.  Soon  enough,  scholarly 
Londoners  were  being  called  pundits, 
and  that’s  what  we  call  our  esteemed 
CIO  columnist  Michael  Schrage. 


Europeans also borrowed ideas from
Persia, like the graceful, outdoor pavilions
used in Turkey for public meetings.
The Turks called them kiushks. In the
West, these pavilions were put to more
prosaic uses, like selling newspapers.
Now kiosks are any place—or website—for
public notices and peddling.


On busy roads in the 1500s, horses’
hooves dashed mud and water on
the carriages they pulled, so leather
aprons and wooden planks—dashboards—were
mounted on the fronts

